From 972b850b38156a1e9ae69daa1110c702b324bce6 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 21:36:53 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2007/0xxx/CVE-2007-0051.json | 230 +++++++------- 2007/0xxx/CVE-2007-0274.json | 240 +++++++-------- 2007/3xxx/CVE-2007-3566.json | 220 +++++++------- 2007/3xxx/CVE-2007-3891.json | 190 ++++++------ 2007/3xxx/CVE-2007-3923.json | 180 +++++------ 2007/3xxx/CVE-2007-3955.json | 180 +++++------ 2007/4xxx/CVE-2007-4627.json | 160 +++++----- 2007/4xxx/CVE-2007-4738.json | 470 ++++++++++++++--------------- 2007/4xxx/CVE-2007-4852.json | 34 +-- 2007/6xxx/CVE-2007-6219.json | 170 +++++------ 2007/6xxx/CVE-2007-6648.json | 160 +++++----- 2014/1xxx/CVE-2014-1230.json | 34 +-- 2014/1xxx/CVE-2014-1485.json | 300 +++++++++--------- 2014/5xxx/CVE-2014-5010.json | 34 +-- 2014/5xxx/CVE-2014-5290.json | 34 +-- 2015/2xxx/CVE-2015-2441.json | 140 ++++----- 2015/6xxx/CVE-2015-6389.json | 140 ++++----- 2015/6xxx/CVE-2015-6531.json | 130 ++++---- 2015/6xxx/CVE-2015-6831.json | 200 ++++++------ 2015/7xxx/CVE-2015-7871.json | 200 ++++++------ 2016/0xxx/CVE-2016-0178.json | 140 ++++----- 2016/0xxx/CVE-2016-0282.json | 140 ++++----- 2016/0xxx/CVE-2016-0427.json | 130 ++++---- 2016/0xxx/CVE-2016-0968.json | 190 ++++++------ 2016/1000xxx/CVE-2016-1000188.json | 34 +-- 2016/10xxx/CVE-2016-10139.json | 140 ++++----- 2016/10xxx/CVE-2016-10360.json | 34 +-- 2016/4xxx/CVE-2016-4148.json | 180 +++++------ 2016/4xxx/CVE-2016-4240.json | 180 +++++------ 2016/4xxx/CVE-2016-4297.json | 34 +-- 2016/4xxx/CVE-2016-4931.json | 130 ++++---- 2016/9xxx/CVE-2016-9037.json | 130 ++++---- 2016/9xxx/CVE-2016-9063.json | 172 +++++------ 2016/9xxx/CVE-2016-9771.json | 34 +-- 2019/2xxx/CVE-2019-2079.json | 34 +-- 2019/2xxx/CVE-2019-2503.json | 168 +++++------ 2019/2xxx/CVE-2019-2663.json | 34 +-- 2019/3xxx/CVE-2019-3095.json | 34 +-- 2019/3xxx/CVE-2019-3416.json | 34 +-- 2019/3xxx/CVE-2019-3886.json | 34 +-- 2019/3xxx/CVE-2019-3971.json | 34 +-- 2019/6xxx/CVE-2019-6251.json | 120 ++++---- 2019/6xxx/CVE-2019-6703.json | 130 ++++---- 2019/6xxx/CVE-2019-6740.json | 34 +-- 2019/6xxx/CVE-2019-6753.json | 34 +-- 2019/6xxx/CVE-2019-6835.json | 34 +-- 2019/7xxx/CVE-2019-7021.json | 34 +-- 2019/7xxx/CVE-2019-7023.json | 34 +-- 2019/7xxx/CVE-2019-7119.json | 34 +-- 2019/7xxx/CVE-2019-7395.json | 140 ++++----- 2019/7xxx/CVE-2019-7576.json | 150 ++++----- 2019/8xxx/CVE-2019-8060.json | 34 +-- 2019/8xxx/CVE-2019-8389.json | 120 ++++---- 2019/8xxx/CVE-2019-8801.json | 34 +-- 2019/8xxx/CVE-2019-8815.json | 34 +-- 2019/8xxx/CVE-2019-8841.json | 34 +-- 2019/9xxx/CVE-2019-9788.json | 34 +-- 57 files changed, 3260 insertions(+), 3260 deletions(-) diff --git a/2007/0xxx/CVE-2007-0051.json b/2007/0xxx/CVE-2007-0051.json index 7a0b117a682..2aa3507d12a 100644 --- a/2007/0xxx/CVE-2007-0051.json +++ b/2007/0xxx/CVE-2007-0051.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0051", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in Apple iPhoto 6.0.5 (316), and other versions before 6.0.6, allows remote user-assisted attackers to execute arbitrary code via a crafted photocast with format string specifiers in the title of an RSS iPhoto feed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0051", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070104 DMA[2007-0104a] - 'iLife iPhoto Photocasing Format String Vulnerability'", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/455968/100/0/threaded" - }, - { - "name" : "20070104 DMA[2007-0104a] - 'iLife iPhoto Photocasing Format String Vulnerability'", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0100.html" - }, - { - "name" : "http://projects.info-pull.com/moab/MOAB-04-01-2007.html", - "refsource" : "MISC", - "url" : "http://projects.info-pull.com/moab/MOAB-04-01-2007.html" - }, - { - "name" : "http://www.digitalmunition.com/DMA[2007-0104a].txt", - "refsource" : "MISC", - "url" : "http://www.digitalmunition.com/DMA[2007-0104a].txt" - }, - { - "name" : "3080", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3080" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=305215", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=305215" - }, - { - "name" : "APPLE-SA-2007-03-13", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2007/Mar//msg00003.html" - }, - { - "name" : "21871", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21871" - }, - { - "name" : "ADV-2007-0057", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0057" - }, - { - "name" : "31165", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/31165" - }, - { - "name" : "23615", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23615" - }, - { - "name" : "iphoto-xmltitle-format-string(31281)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31281" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in Apple iPhoto 6.0.5 (316), and other versions before 6.0.6, allows remote user-assisted attackers to execute arbitrary code via a crafted photocast with format string specifiers in the title of an RSS iPhoto feed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23615", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23615" + }, + { + "name": "20070104 DMA[2007-0104a] - 'iLife iPhoto Photocasing Format String Vulnerability'", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/455968/100/0/threaded" + }, + { + "name": "21871", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21871" + }, + { + "name": "http://projects.info-pull.com/moab/MOAB-04-01-2007.html", + "refsource": "MISC", + "url": "http://projects.info-pull.com/moab/MOAB-04-01-2007.html" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=305215", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=305215" + }, + { + "name": "31165", + "refsource": "OSVDB", + "url": "http://osvdb.org/31165" + }, + { + "name": "20070104 DMA[2007-0104a] - 'iLife iPhoto Photocasing Format String Vulnerability'", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0100.html" + }, + { + "name": "APPLE-SA-2007-03-13", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2007/Mar//msg00003.html" + }, + { + "name": "ADV-2007-0057", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0057" + }, + { + "name": "http://www.digitalmunition.com/DMA[2007-0104a].txt", + "refsource": "MISC", + "url": "http://www.digitalmunition.com/DMA[2007-0104a].txt" + }, + { + "name": "iphoto-xmltitle-format-string(31281)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31281" + }, + { + "name": "3080", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3080" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0274.json b/2007/0xxx/CVE-2007-0274.json index acdd40852f6..a621b3afbbf 100644 --- a/2007/0xxx/CVE-2007-0274.json +++ b/2007/0xxx/CVE-2007-0274.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0274", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Oracle Database 9.2.0.7 and 10.1.0.5 have unknown impact and attack vectors related to (1) Export and sys.dbms_logrep_util (DB08), and (2) Oracle Streams and sys.dbms_capture_adm_internal privileges (DB09). NOTE: Oracle has not disputed reliable researcher claims that DB08 is for a buffer overflow in the GET_OBJECT_NAME procedure in the DBMS_LOGREP_UTIL package, and DB09 is for buffer overflows in the CREATE_CAPTURE, ALTER_CAPTURE, and ABORT_TABLE_INSTANTIATION procedures in SYS.DBMS_CAPTURE_ADM_INTERNAL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0274", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070125 Re: Oracle Buffer Overflow in DBMS_LOGREP_UTIL.GET_OBJECT_NAME", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/458126/100/0/threaded" - }, - { - "name" : "20070125 Re: Oracle Buffer Overflows in DBMS_CAPTURE_ADM_INTERNAL", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/458112/100/100/threaded" - }, - { - "name" : "20070129 Re: Re: Oracle Buffer Overflows in DBMS_CAPTURE_ADM_INTERNAL", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/458475/100/100/threaded" - }, - { - "name" : "20070124 Oracle Buffer Overflow in DBMS_LOGREP_UTIL.GET_OBJECT_NAME", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/458037/100/0/threaded" - }, - { - "name" : "20070124 Oracle Buffer Overflows in DBMS_CAPTURE_ADM_INTERNAL", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/458041/100/0/threaded" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html" - }, - { - "name" : "TA07-017A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-017A.html" - }, - { - "name" : "22083", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22083" - }, - { - "name" : "32914", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/32914" - }, - { - "name" : "32915", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/32915" - }, - { - "name" : "1017522", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017522" - }, - { - "name" : "23794", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23794" - }, - { - "name" : "oracle-cpu-jan2007(31541)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31541" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Oracle Database 9.2.0.7 and 10.1.0.5 have unknown impact and attack vectors related to (1) Export and sys.dbms_logrep_util (DB08), and (2) Oracle Streams and sys.dbms_capture_adm_internal privileges (DB09). NOTE: Oracle has not disputed reliable researcher claims that DB08 is for a buffer overflow in the GET_OBJECT_NAME procedure in the DBMS_LOGREP_UTIL package, and DB09 is for buffer overflows in the CREATE_CAPTURE, ALTER_CAPTURE, and ABORT_TABLE_INSTANTIATION procedures in SYS.DBMS_CAPTURE_ADM_INTERNAL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070124 Oracle Buffer Overflow in DBMS_LOGREP_UTIL.GET_OBJECT_NAME", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/458037/100/0/threaded" + }, + { + "name": "20070129 Re: Re: Oracle Buffer Overflows in DBMS_CAPTURE_ADM_INTERNAL", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/458475/100/100/threaded" + }, + { + "name": "23794", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23794" + }, + { + "name": "20070125 Re: Oracle Buffer Overflow in DBMS_LOGREP_UTIL.GET_OBJECT_NAME", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/458126/100/0/threaded" + }, + { + "name": "32915", + "refsource": "OSVDB", + "url": "http://osvdb.org/32915" + }, + { + "name": "22083", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22083" + }, + { + "name": "20070125 Re: Oracle Buffer Overflows in DBMS_CAPTURE_ADM_INTERNAL", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/458112/100/100/threaded" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html" + }, + { + "name": "TA07-017A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-017A.html" + }, + { + "name": "oracle-cpu-jan2007(31541)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31541" + }, + { + "name": "1017522", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017522" + }, + { + "name": "20070124 Oracle Buffer Overflows in DBMS_CAPTURE_ADM_INTERNAL", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/458041/100/0/threaded" + }, + { + "name": "32914", + "refsource": "OSVDB", + "url": "http://osvdb.org/32914" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3566.json b/2007/3xxx/CVE-2007-3566.json index ce1a6c03781..213c069bcee 100644 --- a/2007/3xxx/CVE-2007-3566.json +++ b/2007/3xxx/CVE-2007-3566.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3566", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the database service (ibserver.exe) in Borland InterBase 2007 before SP2 allows remote attackers to execute arbitrary code via a long size value in a create request to port 3050/tcp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3566", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070724 TPTI-07-13: Borland Interbase ibserver.exe Create-Request Buffer Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/474561/100/0/threaded" - }, - { - "name" : "http://dvlabs.tippingpoint.com/advisory/TPTI-07-13", - "refsource" : "MISC", - "url" : "http://dvlabs.tippingpoint.com/advisory/TPTI-07-13" - }, - { - "name" : "http://dvlabs.tippingpoint.com/blog/2007/07/24/step-by-step-of-how-tpti-07-013-was-discovered", - "refsource" : "MISC", - "url" : "http://dvlabs.tippingpoint.com/blog/2007/07/24/step-by-step-of-how-tpti-07-013-was-discovered" - }, - { - "name" : "http://www.codegear.com/downloads/regusers/interbase", - "refsource" : "MISC", - "url" : "http://www.codegear.com/downloads/regusers/interbase" - }, - { - "name" : "25048", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25048" - }, - { - "name" : "ADV-2007-2642", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2642" - }, - { - "name" : "38602", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38602" - }, - { - "name" : "1018451", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018451" - }, - { - "name" : "26189", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26189" - }, - { - "name" : "2929", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2929" - }, - { - "name" : "interbase-create-bo(35574)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35574" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the database service (ibserver.exe) in Borland InterBase 2007 before SP2 allows remote attackers to execute arbitrary code via a long size value in a create request to port 3050/tcp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "interbase-create-bo(35574)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35574" + }, + { + "name": "20070724 TPTI-07-13: Borland Interbase ibserver.exe Create-Request Buffer Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/474561/100/0/threaded" + }, + { + "name": "http://dvlabs.tippingpoint.com/advisory/TPTI-07-13", + "refsource": "MISC", + "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-07-13" + }, + { + "name": "26189", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26189" + }, + { + "name": "25048", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25048" + }, + { + "name": "ADV-2007-2642", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2642" + }, + { + "name": "2929", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2929" + }, + { + "name": "1018451", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018451" + }, + { + "name": "http://dvlabs.tippingpoint.com/blog/2007/07/24/step-by-step-of-how-tpti-07-013-was-discovered", + "refsource": "MISC", + "url": "http://dvlabs.tippingpoint.com/blog/2007/07/24/step-by-step-of-how-tpti-07-013-was-discovered" + }, + { + "name": "38602", + "refsource": "OSVDB", + "url": "http://osvdb.org/38602" + }, + { + "name": "http://www.codegear.com/downloads/regusers/interbase", + "refsource": "MISC", + "url": "http://www.codegear.com/downloads/regusers/interbase" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3891.json b/2007/3xxx/CVE-2007-3891.json index 8fa34c2ae7a..a376d73582b 100644 --- a/2007/3xxx/CVE-2007-3891.json +++ b/2007/3xxx/CVE-2007-3891.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3891", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Windows Vista Weather Gadgets in Windows Vista allows remote attackers to execute arbitrary code via crafted HTML attributes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2007-3891", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS07-048", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-048" - }, - { - "name" : "TA07-226A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-226A.html" - }, - { - "name" : "VU#542808", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/542808" - }, - { - "name" : "25306", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25306" - }, - { - "name" : "ADV-2007-2872", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2872" - }, - { - "name" : "oval:org.mitre.oval:def:2071", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2071" - }, - { - "name" : "1018566", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018566" - }, - { - "name" : "26439", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26439" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Windows Vista Weather Gadgets in Windows Vista allows remote attackers to execute arbitrary code via crafted HTML attributes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:2071", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2071" + }, + { + "name": "26439", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26439" + }, + { + "name": "TA07-226A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-226A.html" + }, + { + "name": "ADV-2007-2872", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2872" + }, + { + "name": "1018566", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018566" + }, + { + "name": "VU#542808", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/542808" + }, + { + "name": "MS07-048", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-048" + }, + { + "name": "25306", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25306" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3923.json b/2007/3xxx/CVE-2007-3923.json index eb458e38abe..608612e21f9 100644 --- a/2007/3xxx/CVE-2007-3923.json +++ b/2007/3xxx/CVE-2007-3923.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3923", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Common Internet File System (CIFS) optimization in Cisco Wide Area Application Services (WAAS) 4.0.7 and 4.0.9, as used by Cisco WAE appliance and the NM-WAE-502 network module, when Edge Services are configured, allows remote attackers to cause a denial of service (loss of service) via a flood of TCP SYN packets to port (1) 139 or (2) 445." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3923", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070718 Denial of Service Vulnerability in Cisco Wide Area Application Services (WAAS) Software", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20070718-waas.shtml" - }, - { - "name" : "24956", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24956" - }, - { - "name" : "ADV-2007-2572", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2572" - }, - { - "name" : "36120", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/36120" - }, - { - "name" : "1018416", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018416" - }, - { - "name" : "26122", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26122" - }, - { - "name" : "cisco-waas-edgeservice-dos(35477)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35477" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Common Internet File System (CIFS) optimization in Cisco Wide Area Application Services (WAAS) 4.0.7 and 4.0.9, as used by Cisco WAE appliance and the NM-WAE-502 network module, when Edge Services are configured, allows remote attackers to cause a denial of service (loss of service) via a flood of TCP SYN packets to port (1) 139 or (2) 445." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070718 Denial of Service Vulnerability in Cisco Wide Area Application Services (WAAS) Software", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070718-waas.shtml" + }, + { + "name": "ADV-2007-2572", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2572" + }, + { + "name": "24956", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24956" + }, + { + "name": "36120", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/36120" + }, + { + "name": "cisco-waas-edgeservice-dos(35477)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35477" + }, + { + "name": "1018416", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018416" + }, + { + "name": "26122", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26122" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3955.json b/2007/3xxx/CVE-2007-3955.json index 53726c4ed73..fcbc79121b2 100644 --- a/2007/3xxx/CVE-2007-3955.json +++ b/2007/3xxx/CVE-2007-3955.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3955", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the IEToolbar.IEContextMenu.1 ActiveX control in LinkedInIEToolbar.dll in the LinkedIn Toolbar 3.0.2.1098 allows remote attackers to execute arbitrary code via a long second argument (varBrowser argument) to the search method. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3955", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4217", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4217" - }, - { - "name" : "http://www.vdalabs.com/tools/linkedin.html", - "refsource" : "MISC", - "url" : "http://www.vdalabs.com/tools/linkedin.html" - }, - { - "name" : "25032", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25032" - }, - { - "name" : "ADV-2007-2620", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2620" - }, - { - "name" : "37696", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37696" - }, - { - "name" : "26181", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26181" - }, - { - "name" : "linkedin-ietoolbar-search-bo(35578)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35578" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the IEToolbar.IEContextMenu.1 ActiveX control in LinkedInIEToolbar.dll in the LinkedIn Toolbar 3.0.2.1098 allows remote attackers to execute arbitrary code via a long second argument (varBrowser argument) to the search method. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vdalabs.com/tools/linkedin.html", + "refsource": "MISC", + "url": "http://www.vdalabs.com/tools/linkedin.html" + }, + { + "name": "37696", + "refsource": "OSVDB", + "url": "http://osvdb.org/37696" + }, + { + "name": "linkedin-ietoolbar-search-bo(35578)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35578" + }, + { + "name": "26181", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26181" + }, + { + "name": "25032", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25032" + }, + { + "name": "4217", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4217" + }, + { + "name": "ADV-2007-2620", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2620" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4627.json b/2007/4xxx/CVE-2007-4627.json index d6232edd465..e89256b5dd9 100644 --- a/2007/4xxx/CVE-2007-4627.json +++ b/2007/4xxx/CVE-2007-4627.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4627", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in ABC eStore 3.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4627", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4338", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4338" - }, - { - "name" : "25476", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25476" - }, - { - "name" : "ADV-2007-3037", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3037" - }, - { - "name" : "38434", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38434" - }, - { - "name" : "abcestore-index-sql-injection(36313)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36313" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in ABC eStore 3.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-3037", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3037" + }, + { + "name": "4338", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4338" + }, + { + "name": "38434", + "refsource": "OSVDB", + "url": "http://osvdb.org/38434" + }, + { + "name": "25476", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25476" + }, + { + "name": "abcestore-index-sql-injection(36313)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36313" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4738.json b/2007/4xxx/CVE-2007-4738.json index 9eded6e5176..c21a84d6e55 100644 --- a/2007/4xxx/CVE-2007-4738.json +++ b/2007/4xxx/CVE-2007-4738.json @@ -1,237 +1,237 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4738", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library (STPHPLibrary) 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) db_conf or (2) ADODB_DIR parameter to utils/stphpimage_show.php; or a URL in the STPHPLIB_DIR parameter to (3) stphpbutton.php, (4) stphpcheckbox.php, (5) stphpcheckboxwithcaption.php, (6) stphpcheckgroup.php, (7) stphpcomponent.php, (8) stphpcontrolwithcaption.php, (9) stphpedit.php, (10) stphpeditwithcaption.php, (11) stphphr.php, (12) stphpimage.php, (13) stphpimagewithcaption.php, (14) stphplabel.php, (15) stphplistbox.php, (16) stphplistboxwithcaption.php, (17) stphplocale.php, (18) stphppanel.php, (19) stphpradiobutton.php, (20) stphpradiobuttonwithcaption.php, (21) stphpradiogroup.php, (22) stphprichbutton.php, (23) stphpspacer.php, (24) stphptable.php, (25) stphptablecell.php, (26) stphptablerow.php, (27) stphptabpanel.php, (28) stphptabtitle.php, (29) stphptextarea.php, (30) stphptextareawithcaption.php, (31) stphptoolbar.php, (32) stphpwindow.php, (33) stphpxmldoc.php, or (34) stphpxmlelement.php, a different set of vectors than CVE-2007-4737. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4738", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "25525", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25525" - }, - { - "name" : "39073", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39073" - }, - { - "name" : "39074", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39074" - }, - { - "name" : "39075", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39075" - }, - { - "name" : "39076", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39076" - }, - { - "name" : "39077", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39077" - }, - { - "name" : "39078", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39078" - }, - { - "name" : "39079", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39079" - }, - { - "name" : "39080", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39080" - }, - { - "name" : "39081", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39081" - }, - { - "name" : "39082", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39082" - }, - { - "name" : "39083", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39083" - }, - { - "name" : "39084", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39084" - }, - { - "name" : "39085", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39085" - }, - { - "name" : "39086", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39086" - }, - { - "name" : "39087", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39087" - }, - { - "name" : "39088", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39088" - }, - { - "name" : "39089", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39089" - }, - { - "name" : "39090", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39090" - }, - { - "name" : "39091", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39091" - }, - { - "name" : "39092", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39092" - }, - { - "name" : "39093", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39093" - }, - { - "name" : "39094", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39094" - }, - { - "name" : "39095", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39095" - }, - { - "name" : "39096", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39096" - }, - { - "name" : "39097", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39097" - }, - { - "name" : "39098", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39098" - }, - { - "name" : "39099", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39099" - }, - { - "name" : "39100", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39100" - }, - { - "name" : "39101", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39101" - }, - { - "name" : "39102", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39102" - }, - { - "name" : "39103", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39103" - }, - { - "name" : "39104", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39104" - }, - { - "name" : "39105", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39105" - }, - { - "name" : "26658", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26658" - }, - { - "name" : "speedtech-stphpimageshow-file-include(36417)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36417" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library (STPHPLibrary) 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) db_conf or (2) ADODB_DIR parameter to utils/stphpimage_show.php; or a URL in the STPHPLIB_DIR parameter to (3) stphpbutton.php, (4) stphpcheckbox.php, (5) stphpcheckboxwithcaption.php, (6) stphpcheckgroup.php, (7) stphpcomponent.php, (8) stphpcontrolwithcaption.php, (9) stphpedit.php, (10) stphpeditwithcaption.php, (11) stphphr.php, (12) stphpimage.php, (13) stphpimagewithcaption.php, (14) stphplabel.php, (15) stphplistbox.php, (16) stphplistboxwithcaption.php, (17) stphplocale.php, (18) stphppanel.php, (19) stphpradiobutton.php, (20) stphpradiobuttonwithcaption.php, (21) stphpradiogroup.php, (22) stphprichbutton.php, (23) stphpspacer.php, (24) stphptable.php, (25) stphptablecell.php, (26) stphptablerow.php, (27) stphptabpanel.php, (28) stphptabtitle.php, (29) stphptextarea.php, (30) stphptextareawithcaption.php, (31) stphptoolbar.php, (32) stphpwindow.php, (33) stphpxmldoc.php, or (34) stphpxmlelement.php, a different set of vectors than CVE-2007-4737. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39077", + "refsource": "OSVDB", + "url": "http://osvdb.org/39077" + }, + { + "name": "39082", + "refsource": "OSVDB", + "url": "http://osvdb.org/39082" + }, + { + "name": "39088", + "refsource": "OSVDB", + "url": "http://osvdb.org/39088" + }, + { + "name": "39076", + "refsource": "OSVDB", + "url": "http://osvdb.org/39076" + }, + { + "name": "39090", + "refsource": "OSVDB", + "url": "http://osvdb.org/39090" + }, + { + "name": "39085", + "refsource": "OSVDB", + "url": "http://osvdb.org/39085" + }, + { + "name": "39079", + "refsource": "OSVDB", + "url": "http://osvdb.org/39079" + }, + { + "name": "39093", + "refsource": "OSVDB", + "url": "http://osvdb.org/39093" + }, + { + "name": "speedtech-stphpimageshow-file-include(36417)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36417" + }, + { + "name": "39099", + "refsource": "OSVDB", + "url": "http://osvdb.org/39099" + }, + { + "name": "39096", + "refsource": "OSVDB", + "url": "http://osvdb.org/39096" + }, + { + "name": "39102", + "refsource": "OSVDB", + "url": "http://osvdb.org/39102" + }, + { + "name": "39101", + "refsource": "OSVDB", + "url": "http://osvdb.org/39101" + }, + { + "name": "39095", + "refsource": "OSVDB", + "url": "http://osvdb.org/39095" + }, + { + "name": "39105", + "refsource": "OSVDB", + "url": "http://osvdb.org/39105" + }, + { + "name": "39097", + "refsource": "OSVDB", + "url": "http://osvdb.org/39097" + }, + { + "name": "39084", + "refsource": "OSVDB", + "url": "http://osvdb.org/39084" + }, + { + "name": "39074", + "refsource": "OSVDB", + "url": "http://osvdb.org/39074" + }, + { + "name": "39094", + "refsource": "OSVDB", + "url": "http://osvdb.org/39094" + }, + { + "name": "39098", + "refsource": "OSVDB", + "url": "http://osvdb.org/39098" + }, + { + "name": "39083", + "refsource": "OSVDB", + "url": "http://osvdb.org/39083" + }, + { + "name": "39078", + "refsource": "OSVDB", + "url": "http://osvdb.org/39078" + }, + { + "name": "39100", + "refsource": "OSVDB", + "url": "http://osvdb.org/39100" + }, + { + "name": "39103", + "refsource": "OSVDB", + "url": "http://osvdb.org/39103" + }, + { + "name": "39075", + "refsource": "OSVDB", + "url": "http://osvdb.org/39075" + }, + { + "name": "39091", + "refsource": "OSVDB", + "url": "http://osvdb.org/39091" + }, + { + "name": "25525", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25525" + }, + { + "name": "39089", + "refsource": "OSVDB", + "url": "http://osvdb.org/39089" + }, + { + "name": "39081", + "refsource": "OSVDB", + "url": "http://osvdb.org/39081" + }, + { + "name": "39087", + "refsource": "OSVDB", + "url": "http://osvdb.org/39087" + }, + { + "name": "26658", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26658" + }, + { + "name": "39080", + "refsource": "OSVDB", + "url": "http://osvdb.org/39080" + }, + { + "name": "39104", + "refsource": "OSVDB", + "url": "http://osvdb.org/39104" + }, + { + "name": "39073", + "refsource": "OSVDB", + "url": "http://osvdb.org/39073" + }, + { + "name": "39092", + "refsource": "OSVDB", + "url": "http://osvdb.org/39092" + }, + { + "name": "39086", + "refsource": "OSVDB", + "url": "http://osvdb.org/39086" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4852.json b/2007/4xxx/CVE-2007-4852.json index 08bb5f2cfec..d996eec223f 100644 --- a/2007/4xxx/CVE-2007-4852.json +++ b/2007/4xxx/CVE-2007-4852.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4852", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4852", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6219.json b/2007/6xxx/CVE-2007-6219.json index 9e2178bb1ed..6caa8ca0e80 100644 --- a/2007/6xxx/CVE-2007-6219.json +++ b/2007/6xxx/CVE-2007-6219.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6219", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM Tivoli Netcool Security Manager 1.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6219", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-1.ibm.com/support/docview.wss?uid=swg24017385", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg24017385" - }, - { - "name" : "IY95615", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1IY95615" - }, - { - "name" : "26673", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26673" - }, - { - "name" : "ADV-2007-4059", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/4059" - }, - { - "name" : "1019026", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019026" - }, - { - "name" : "27900", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27900" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IBM Tivoli Netcool Security Manager 1.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-4059", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/4059" + }, + { + "name": "IY95615", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IY95615" + }, + { + "name": "1019026", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019026" + }, + { + "name": "27900", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27900" + }, + { + "name": "26673", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26673" + }, + { + "name": "http://www-1.ibm.com/support/docview.wss?uid=swg24017385", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24017385" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6648.json b/2007/6xxx/CVE-2007-6648.json index ba6334affe8..bb044bb4e2c 100644 --- a/2007/6xxx/CVE-2007-6648.json +++ b/2007/6xxx/CVE-2007-6648.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6648", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in SanyBee Gallery 0.1.0 and 0.1.1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6648", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4816", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4816" - }, - { - "name" : "27072", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27072" - }, - { - "name" : "39784", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39784" - }, - { - "name" : "28270", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28270" - }, - { - "name" : "sanybeegallery-index-file-include(39392)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39392" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in index.php in SanyBee Gallery 0.1.0 and 0.1.1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28270", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28270" + }, + { + "name": "27072", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27072" + }, + { + "name": "39784", + "refsource": "OSVDB", + "url": "http://osvdb.org/39784" + }, + { + "name": "sanybeegallery-index-file-include(39392)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39392" + }, + { + "name": "4816", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4816" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1230.json b/2014/1xxx/CVE-2014-1230.json index a0307dc147c..f0b07c64acc 100644 --- a/2014/1xxx/CVE-2014-1230.json +++ b/2014/1xxx/CVE-2014-1230.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1230", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1230", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1485.json b/2014/1xxx/CVE-2014-1485.json index 2ddac4aba94..0e561f2c229 100644 --- a/2014/1xxx/CVE-2014-1485.json +++ b/2014/1xxx/CVE-2014-1485.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1485", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote attackers to execute arbitrary XSLT code by leveraging insufficient style-src restrictions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2014-1485", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2014/mfsa2014-07.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2014/mfsa2014-07.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=910139", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=910139" - }, - { - "name" : "https://8pecxstudios.com/?page_id=44080", - "refsource" : "CONFIRM", - "url" : "https://8pecxstudios.com/?page_id=44080" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "GLSA-201504-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201504-01" - }, - { - "name" : "SUSE-SU-2014:0248", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" - }, - { - "name" : "openSUSE-SU-2014:0212", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" - }, - { - "name" : "openSUSE-SU-2014:0419", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" - }, - { - "name" : "USN-2102-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2102-1" - }, - { - "name" : "USN-2102-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2102-2" - }, - { - "name" : "65322", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65322" - }, - { - "name" : "102871", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102871" - }, - { - "name" : "1029717", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029717" - }, - { - "name" : "1029720", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029720" - }, - { - "name" : "56706", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56706" - }, - { - "name" : "56767", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56767" - }, - { - "name" : "56787", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56787" - }, - { - "name" : "56888", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56888" - }, - { - "name" : "firefox-xslt-cve20141485xss(90891)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90891" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote attackers to execute arbitrary XSLT code by leveraging insufficient style-src restrictions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2014:0212", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" + }, + { + "name": "1029717", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029717" + }, + { + "name": "https://8pecxstudios.com/?page_id=44080", + "refsource": "CONFIRM", + "url": "https://8pecxstudios.com/?page_id=44080" + }, + { + "name": "56787", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56787" + }, + { + "name": "1029720", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029720" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=910139", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=910139" + }, + { + "name": "USN-2102-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2102-2" + }, + { + "name": "GLSA-201504-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201504-01" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "56888", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56888" + }, + { + "name": "openSUSE-SU-2014:0419", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" + }, + { + "name": "65322", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65322" + }, + { + "name": "firefox-xslt-cve20141485xss(90891)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90891" + }, + { + "name": "SUSE-SU-2014:0248", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" + }, + { + "name": "USN-2102-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2102-1" + }, + { + "name": "56767", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56767" + }, + { + "name": "102871", + "refsource": "OSVDB", + "url": "http://osvdb.org/102871" + }, + { + "name": "56706", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56706" + }, + { + "name": "http://www.mozilla.org/security/announce/2014/mfsa2014-07.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-07.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5010.json b/2014/5xxx/CVE-2014-5010.json index cf259be45ca..6cbfab5e61c 100644 --- a/2014/5xxx/CVE-2014-5010.json +++ b/2014/5xxx/CVE-2014-5010.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5010", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5010", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5290.json b/2014/5xxx/CVE-2014-5290.json index f92f3b5c6b4..a9e8091184f 100644 --- a/2014/5xxx/CVE-2014-5290.json +++ b/2014/5xxx/CVE-2014-5290.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5290", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5290", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2441.json b/2015/2xxx/CVE-2015-2441.json index a4eac28a332..e3eb0194dd4 100644 --- a/2015/2xxx/CVE-2015-2441.json +++ b/2015/2xxx/CVE-2015-2441.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2441", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 7 through 11 and Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-2452." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-2441", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-079", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-079" - }, - { - "name" : "MS15-091", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-091" - }, - { - "name" : "1033237", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033237" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 7 through 11 and Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-2452." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033237", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033237" + }, + { + "name": "MS15-091", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-091" + }, + { + "name": "MS15-079", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-079" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6389.json b/2015/6xxx/CVE-2015-6389.json index 99014728aed..18d8c0a551c 100644 --- a/2015/6xxx/CVE-2015-6389.json +++ b/2015/6xxx/CVE-2015-6389.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6389", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Prime Collaboration Assurance before 11.0 has a hardcoded cmuser account, which allows remote attackers to obtain access by establishing an SSH session and leveraging knowledge of this account's password, aka Bug ID CSCus62707." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-6389", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20151209 Cisco Prime Collaboration Assurance Default Account Credential Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-pca" - }, - { - "name" : "78738", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/78738" - }, - { - "name" : "1034361", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034361" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Prime Collaboration Assurance before 11.0 has a hardcoded cmuser account, which allows remote attackers to obtain access by establishing an SSH session and leveraging knowledge of this account's password, aka Bug ID CSCus62707." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "78738", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/78738" + }, + { + "name": "1034361", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034361" + }, + { + "name": "20151209 Cisco Prime Collaboration Assurance Default Account Credential Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-pca" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6531.json b/2015/6xxx/CVE-2015-6531.json index 5f25372b405..6fe8de7684f 100644 --- a/2015/6xxx/CVE-2015-6531.json +++ b/2015/6xxx/CVE-2015-6531.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6531", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Palo Alto Networks Panorama VM Appliance with PAN-OS before 6.0.1 might allow remote attackers to execute arbitrary Python code via a crafted firmware image file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-6531", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.tenable.com/security/research/tra-2015-02", - "refsource" : "MISC", - "url" : "https://www.tenable.com/security/research/tra-2015-02" - }, - { - "name" : "76862", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76862" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Palo Alto Networks Panorama VM Appliance with PAN-OS before 6.0.1 might allow remote attackers to execute arbitrary Python code via a crafted firmware image file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.tenable.com/security/research/tra-2015-02", + "refsource": "MISC", + "url": "https://www.tenable.com/security/research/tra-2015-02" + }, + { + "name": "76862", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76862" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6831.json b/2015/6xxx/CVE-2015-6831.json index 95377731389..24c1c069dac 100644 --- a/2015/6xxx/CVE-2015-6831.json +++ b/2015/6xxx/CVE-2015-6831.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6831", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "ID": "CVE-2015-6831", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150819 CVE Request: more php unserializing issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/08/19/3" - }, - { - "name" : "http://www.php.net/ChangeLog-5.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-5.php" - }, - { - "name" : "https://bugs.php.net/bug.php?id=70155", - "refsource" : "CONFIRM", - "url" : "https://bugs.php.net/bug.php?id=70155" - }, - { - "name" : "https://bugs.php.net/bug.php?id=70166", - "refsource" : "CONFIRM", - "url" : "https://bugs.php.net/bug.php?id=70166" - }, - { - "name" : "https://bugs.php.net/bug.php?id=70168", - "refsource" : "CONFIRM", - "url" : "https://bugs.php.net/bug.php?id=70168" - }, - { - "name" : "https://bugs.php.net/bug.php?id=70169", - "refsource" : "CONFIRM", - "url" : "https://bugs.php.net/bug.php?id=70169" - }, - { - "name" : "DSA-3344", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3344" - }, - { - "name" : "GLSA-201606-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201606-10" - }, - { - "name" : "76737", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76737" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3344", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3344" + }, + { + "name": "76737", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76737" + }, + { + "name": "https://bugs.php.net/bug.php?id=70169", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=70169" + }, + { + "name": "https://bugs.php.net/bug.php?id=70168", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=70168" + }, + { + "name": "[oss-security] 20150819 CVE Request: more php unserializing issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/08/19/3" + }, + { + "name": "http://www.php.net/ChangeLog-5.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-5.php" + }, + { + "name": "https://bugs.php.net/bug.php?id=70166", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=70166" + }, + { + "name": "https://bugs.php.net/bug.php?id=70155", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=70155" + }, + { + "name": "GLSA-201606-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201606-10" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7871.json b/2015/7xxx/CVE-2015-7871.json index 2224838d502..0a670570819 100644 --- a/2015/7xxx/CVE-2015-7871.json +++ b/2015/7xxx/CVE-2015-7871.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7871", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-7871", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.ntp.org/bin/view/Main/NtpBug2941", - "refsource" : "CONFIRM", - "url" : "http://support.ntp.org/bin/view/Main/NtpBug2941" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1274265", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1274265" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20171004-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20171004-0001/" - }, - { - "name" : "DSA-3388", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3388" - }, - { - "name" : "GLSA-201604-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201604-03" - }, - { - "name" : "GLSA-201607-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201607-15" - }, - { - "name" : "77287", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/77287" - }, - { - "name" : "1033951", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033951" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.ntp.org/bin/view/Main/NtpBug2941", + "refsource": "CONFIRM", + "url": "http://support.ntp.org/bin/view/Main/NtpBug2941" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1274265", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274265" + }, + { + "name": "1033951", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033951" + }, + { + "name": "DSA-3388", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3388" + }, + { + "name": "77287", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/77287" + }, + { + "name": "GLSA-201604-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201604-03" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839" + }, + { + "name": "GLSA-201607-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201607-15" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20171004-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20171004-0001/" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0178.json b/2016/0xxx/CVE-2016-0178.json index d3ad7a24295..96f155ff42c 100644 --- a/2016/0xxx/CVE-2016-0178.json +++ b/2016/0xxx/CVE-2016-0178.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0178", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The RPC NDR Engine in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles free operations, which allows remote attackers to execute arbitrary code via malformed RPC requests, aka \"RPC Network Data Representation Engine Elevation of Privilege Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-0178", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-061", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-061" - }, - { - "name" : "90032", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/90032" - }, - { - "name" : "1035837", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035837" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The RPC NDR Engine in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles free operations, which allows remote attackers to execute arbitrary code via malformed RPC requests, aka \"RPC Network Data Representation Engine Elevation of Privilege Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS16-061", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-061" + }, + { + "name": "1035837", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035837" + }, + { + "name": "90032", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/90032" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0282.json b/2016/0xxx/CVE-2016-0282.json index b35d79a0454..ac714b2e853 100644 --- a/2016/0xxx/CVE-2016-0282.json +++ b/2016/0xxx/CVE-2016-0282.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-0282", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM iNotes before 8.5.3 FP6 IF2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka SPR KLYHAAHNUS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-0282", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21991722", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21991722" - }, - { - "name" : "94558", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94558" - }, - { - "name" : "1037383", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037383" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IBM iNotes before 8.5.3 FP6 IF2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka SPR KLYHAAHNUS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21991722", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991722" + }, + { + "name": "1037383", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037383" + }, + { + "name": "94558", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94558" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0427.json b/2016/0xxx/CVE-2016-0427.json index 80665f11407..3ec1e2a46c2 100644 --- a/2016/0xxx/CVE-2016-0427.json +++ b/2016/0xxx/CVE-2016-0427.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0427", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 11.1.0.1, 11.2.0.4, 12.1.0.4, and 12.1.0.5 allows remote authenticated users to affect confidentiality via unknown vectors related to UI Framework." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-0427", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" - }, - { - "name" : "1034734", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034734" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 11.1.0.1, 11.2.0.4, 12.1.0.4, and 12.1.0.5 allows remote authenticated users to affect confidentiality via unknown vectors related to UI Framework." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" + }, + { + "name": "1034734", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034734" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0968.json b/2016/0xxx/CVE-2016-0968.json index b15b4a8dc82..1b305a96459 100644 --- a/2016/0xxx/CVE-2016-0968.json +++ b/2016/0xxx/CVE-2016-0968.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0968", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-0968", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-04.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-04.html" - }, - { - "name" : "GLSA-201603-07", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-07" - }, - { - "name" : "RHSA-2016:0166", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0166.html" - }, - { - "name" : "SUSE-SU-2016:0398", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00025.html" - }, - { - "name" : "SUSE-SU-2016:0400", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00027.html" - }, - { - "name" : "openSUSE-SU-2016:0412", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00029.html" - }, - { - "name" : "openSUSE-SU-2016:0415", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00030.html" - }, - { - "name" : "1034970", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034970" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2016:0400", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00027.html" + }, + { + "name": "1034970", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034970" + }, + { + "name": "GLSA-201603-07", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-07" + }, + { + "name": "RHSA-2016:0166", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0166.html" + }, + { + "name": "openSUSE-SU-2016:0415", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00030.html" + }, + { + "name": "openSUSE-SU-2016:0412", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00029.html" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-04.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-04.html" + }, + { + "name": "SUSE-SU-2016:0398", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00025.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/1000xxx/CVE-2016-1000188.json b/2016/1000xxx/CVE-2016-1000188.json index be132af3bbc..910f19e4835 100644 --- a/2016/1000xxx/CVE-2016-1000188.json +++ b/2016/1000xxx/CVE-2016-1000188.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1000188", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-1000188", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10139.json b/2016/10xxx/CVE-2016-10139.json index edd3e71254b..ee35b7e14a9 100644 --- a/2016/10xxx/CVE-2016-10139.json +++ b/2016/10xxx/CVE-2016-10139.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10139", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered on BLU R1 HD devices with Shanghai Adups software. The two package names involved in the exfiltration are com.adups.fota and com.adups.fota.sysoper. In the com.adups.fota.sysoper app's AndroidManifest.xml file, it sets the android:sharedUserId attribute to a value of android.uid.system which makes it execute as the system user, which is a very privileged user on the device. Therefore, the app executing as the system user has been granted a number of powerful permissions even though they are not present in the com.adups.fota.sysoper app's AndroidManifest.xml file. This app provides the com.adups.fota app access to the user's call log, text messages, and various device identifiers through the com.adups.fota.sysoper.provider.InfoProvider component. The com.adups.fota app uses timestamps when it runs and is eligible to exfiltrate the user's PII every 72 hours. If 72 hours have passed since the value of the timestamp, then the exfiltration will be triggered by the user plugging in the device to charge or when they leave or enter a wireless network. The exfiltration occurs in the background without any user interaction." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10139", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.kryptowire.com/adups_security_analysis.html", - "refsource" : "MISC", - "url" : "https://www.kryptowire.com/adups_security_analysis.html" - }, - { - "name" : "https://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html", - "refsource" : "MISC", - "url" : "https://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html" - }, - { - "name" : "96858", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96858" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on BLU R1 HD devices with Shanghai Adups software. The two package names involved in the exfiltration are com.adups.fota and com.adups.fota.sysoper. In the com.adups.fota.sysoper app's AndroidManifest.xml file, it sets the android:sharedUserId attribute to a value of android.uid.system which makes it execute as the system user, which is a very privileged user on the device. Therefore, the app executing as the system user has been granted a number of powerful permissions even though they are not present in the com.adups.fota.sysoper app's AndroidManifest.xml file. This app provides the com.adups.fota app access to the user's call log, text messages, and various device identifiers through the com.adups.fota.sysoper.provider.InfoProvider component. The com.adups.fota app uses timestamps when it runs and is eligible to exfiltrate the user's PII every 72 hours. If 72 hours have passed since the value of the timestamp, then the exfiltration will be triggered by the user plugging in the device to charge or when they leave or enter a wireless network. The exfiltration occurs in the background without any user interaction." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96858", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96858" + }, + { + "name": "https://www.kryptowire.com/adups_security_analysis.html", + "refsource": "MISC", + "url": "https://www.kryptowire.com/adups_security_analysis.html" + }, + { + "name": "https://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html", + "refsource": "MISC", + "url": "https://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10360.json b/2016/10xxx/CVE-2016-10360.json index 1064d7adce0..2de5f56e453 100644 --- a/2016/10xxx/CVE-2016-10360.json +++ b/2016/10xxx/CVE-2016-10360.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10360", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-10360", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4148.json b/2016/4xxx/CVE-2016-4148.json index 47d6345a963..3a808d9462a 100644 --- a/2016/4xxx/CVE-2016-4148.json +++ b/2016/4xxx/CVE-2016-4148.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4148", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-4148", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html" - }, - { - "name" : "MS16-083", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083" - }, - { - "name" : "RHSA-2016:1238", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1238" - }, - { - "name" : "SUSE-SU-2016:1613", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html" - }, - { - "name" : "openSUSE-SU-2016:1621", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html" - }, - { - "name" : "openSUSE-SU-2016:1625", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html" - }, - { - "name" : "1036117", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036117" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036117", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036117" + }, + { + "name": "MS16-083", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083" + }, + { + "name": "openSUSE-SU-2016:1625", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html" + }, + { + "name": "RHSA-2016:1238", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1238" + }, + { + "name": "openSUSE-SU-2016:1621", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html" + }, + { + "name": "SUSE-SU-2016:1613", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4240.json b/2016/4xxx/CVE-2016-4240.json index 7262d4043b0..00af0af910e 100644 --- a/2016/4xxx/CVE-2016-4240.json +++ b/2016/4xxx/CVE-2016-4240.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4240", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-4240", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-25.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-25.html" - }, - { - "name" : "GLSA-201607-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201607-03" - }, - { - "name" : "RHSA-2016:1423", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1423" - }, - { - "name" : "SUSE-SU-2016:1826", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00017.html" - }, - { - "name" : "openSUSE-SU-2016:1802", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00016.html" - }, - { - "name" : "91725", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91725" - }, - { - "name" : "1036280", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036280" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2016:1826", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00017.html" + }, + { + "name": "GLSA-201607-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201607-03" + }, + { + "name": "openSUSE-SU-2016:1802", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00016.html" + }, + { + "name": "91725", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91725" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-25.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-25.html" + }, + { + "name": "RHSA-2016:1423", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1423" + }, + { + "name": "1036280", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036280" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4297.json b/2016/4xxx/CVE-2016-4297.json index cd6b88cfc2b..6fb3e7f2ff8 100644 --- a/2016/4xxx/CVE-2016-4297.json +++ b/2016/4xxx/CVE-2016-4297.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4297", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-4297", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4931.json b/2016/4xxx/CVE-2016-4931.json index 2fbee3aabf0..6be58423452 100644 --- a/2016/4xxx/CVE-2016-4931.json +++ b/2016/4xxx/CVE-2016-4931.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4931", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XML entity injection in Junos Space before 15.2R2 allows attackers to cause a denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "ID": "CVE-2016-4931", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10760", - "refsource" : "CONFIRM", - "url" : "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10760" - }, - { - "name" : "93540", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93540" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XML entity injection in Junos Space before 15.2R2 allows attackers to cause a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93540", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93540" + }, + { + "name": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10760", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10760" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9037.json b/2016/9xxx/CVE-2016-9037.json index f3ce9f894ed..fcbc1f18fe3 100644 --- a/2016/9xxx/CVE-2016-9037.json +++ b/2016/9xxx/CVE-2016-9037.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "ID" : "CVE-2016-9037", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Tarantool", - "version" : { - "version_data" : [ - { - "version_value" : "1.7.2-0-g8e92715" - } - ] - } - } - ] - }, - "vendor_name" : "Tarantool" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable out-of-bounds array access vulnerability exists in the xrow_header_decode function of Tarantool 1.7.2.0-g8e92715. A specially crafted packet can cause the function to access an element outside the bounds of a global array that is used to determine the type of the specified key's value. This can lead to an out of bounds read within the context of the server. An attacker who exploits this vulnerability can cause a denial of service vulnerability on the server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-125: Out-of-bounds Read" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "ID": "CVE-2016-9037", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Tarantool", + "version": { + "version_data": [ + { + "version_value": "1.7.2-0-g8e92715" + } + ] + } + } + ] + }, + "vendor_name": "Tarantool" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.talosintelligence.com/reports/TALOS-2016-0255/", - "refsource" : "MISC", - "url" : "http://www.talosintelligence.com/reports/TALOS-2016-0255/" - }, - { - "name" : "95063", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95063" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable out-of-bounds array access vulnerability exists in the xrow_header_decode function of Tarantool 1.7.2.0-g8e92715. A specially crafted packet can cause the function to access an element outside the bounds of a global array that is used to determine the type of the specified key's value. This can lead to an out of bounds read within the context of the server. An attacker who exploits this vulnerability can cause a denial of service vulnerability on the server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.talosintelligence.com/reports/TALOS-2016-0255/", + "refsource": "MISC", + "url": "http://www.talosintelligence.com/reports/TALOS-2016-0255/" + }, + { + "name": "95063", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95063" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9063.json b/2016/9xxx/CVE-2016-9063.json index 06f67367cb6..9e5606c3392 100644 --- a/2016/9xxx/CVE-2016-9063.json +++ b/2016/9xxx/CVE-2016-9063.json @@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2016-9063", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "50" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Possible integer overflow to fix inside XML_Parse in Expat" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2016-9063", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "50" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1274777", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1274777" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2016-89/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2016-89/" - }, - { - "name" : "DSA-3898", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3898" - }, - { - "name" : "94337", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94337" - }, - { - "name" : "1037298", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037298" - }, - { - "name" : "1039427", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039427" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Possible integer overflow to fix inside XML_Parse in Expat" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3898", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3898" + }, + { + "name": "94337", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94337" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1274777", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1274777" + }, + { + "name": "1037298", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037298" + }, + { + "name": "1039427", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039427" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2016-89/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2016-89/" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9771.json b/2016/9xxx/CVE-2016-9771.json index 7fe83889009..88e9f38f8a9 100644 --- a/2016/9xxx/CVE-2016-9771.json +++ b/2016/9xxx/CVE-2016-9771.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9771", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-9771", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2079.json b/2019/2xxx/CVE-2019-2079.json index a2d35148b1d..a5ea84fc565 100644 --- a/2019/2xxx/CVE-2019-2079.json +++ b/2019/2xxx/CVE-2019-2079.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2079", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2079", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2503.json b/2019/2xxx/CVE-2019-2503.json index 4f52a48be7b..936c0a60f59 100644 --- a/2019/2xxx/CVE-2019-2503.json +++ b/2019/2xxx/CVE-2019-2503.json @@ -1,86 +1,86 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2019-2503", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "5.6.42 and prior" - }, - { - "version_affected" : "=", - "version_value" : "5.7.24 and prior" - }, - { - "version_affected" : "=", - "version_value" : "8.0.13 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.4 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Difficult to exploit vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2019-2503", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.6.42 and prior" + }, + { + "version_affected": "=", + "version_value": "5.7.24 and prior" + }, + { + "version_affected": "=", + "version_value": "8.0.13 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20190118-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20190118-0002/" - }, - { - "name" : "USN-3867-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3867-1/" - }, - { - "name" : "106626", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106626" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.4 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + }, + { + "name": "106626", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106626" + }, + { + "name": "USN-3867-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3867-1/" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20190118-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20190118-0002/" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2663.json b/2019/2xxx/CVE-2019-2663.json index d2b18b8faa4..05f59cb3b22 100644 --- a/2019/2xxx/CVE-2019-2663.json +++ b/2019/2xxx/CVE-2019-2663.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2663", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2663", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3095.json b/2019/3xxx/CVE-2019-3095.json index 8f921231d12..aa23c9fea5b 100644 --- a/2019/3xxx/CVE-2019-3095.json +++ b/2019/3xxx/CVE-2019-3095.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3095", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3095", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3416.json b/2019/3xxx/CVE-2019-3416.json index 5ab677871d8..fccff3c36a5 100644 --- a/2019/3xxx/CVE-2019-3416.json +++ b/2019/3xxx/CVE-2019-3416.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3416", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3416", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3886.json b/2019/3xxx/CVE-2019-3886.json index 7123239a3aa..c38b4c6c45b 100644 --- a/2019/3xxx/CVE-2019-3886.json +++ b/2019/3xxx/CVE-2019-3886.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3886", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3886", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3971.json b/2019/3xxx/CVE-2019-3971.json index cf9554300ea..8c5adb6c721 100644 --- a/2019/3xxx/CVE-2019-3971.json +++ b/2019/3xxx/CVE-2019-3971.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3971", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3971", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6251.json b/2019/6xxx/CVE-2019-6251.json index abd6701590c..35d367c5bb3 100644 --- a/2019/6xxx/CVE-2019-6251.json +++ b/2019/6xxx/CVE-2019-6251.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6251", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "embed/ephy-web-view.c in GNOME Web (aka Epiphany) through 3.31.4 allows address bar spoofing because a page load triggered by JavaScript leads to updating an address as if it were triggered by a safer visit type (e.g., VISIT_LINK, VISIT_TYPED, VISIT_BOOKMARK, or VISIT_HOMEPAGE). This is similar to the CVE-2018-8383 issue in Microsoft Edge." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6251", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gitlab.gnome.org/GNOME/epiphany/issues/532", - "refsource" : "MISC", - "url" : "https://gitlab.gnome.org/GNOME/epiphany/issues/532" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "embed/ephy-web-view.c in GNOME Web (aka Epiphany) through 3.31.4 allows address bar spoofing because a page load triggered by JavaScript leads to updating an address as if it were triggered by a safer visit type (e.g., VISIT_LINK, VISIT_TYPED, VISIT_BOOKMARK, or VISIT_HOMEPAGE). This is similar to the CVE-2018-8383 issue in Microsoft Edge." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.gnome.org/GNOME/epiphany/issues/532", + "refsource": "MISC", + "url": "https://gitlab.gnome.org/GNOME/epiphany/issues/532" + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6703.json b/2019/6xxx/CVE-2019-6703.json index fc44adfc087..3cd83f878b5 100644 --- a/2019/6xxx/CVE-2019-6703.json +++ b/2019/6xxx/CVE-2019-6703.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6703", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Incorrect access control in migla_ajax_functions.php in the Calmar Webmedia Total Donations plugin through 2.0.5 for WordPress allows unauthenticated attackers to update arbitrary WordPress option values, leading to site takeover. These attackers can send requests to wp-admin/admin-ajax.php to call the miglaA_update_me action to change arbitrary options on affected sites. This can be used to enable new user registration and set the default role for new users to Administrator." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6703", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.wordfence.com/blog/2019/01/wordpress-sites-compromised-via-zero-day-vulnerabilities-in-total-donations-plugin/", - "refsource" : "MISC", - "url" : "https://www.wordfence.com/blog/2019/01/wordpress-sites-compromised-via-zero-day-vulnerabilities-in-total-donations-plugin/" - }, - { - "name" : "https://wpvulndb.com/vulnerabilities/9208", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/9208" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incorrect access control in migla_ajax_functions.php in the Calmar Webmedia Total Donations plugin through 2.0.5 for WordPress allows unauthenticated attackers to update arbitrary WordPress option values, leading to site takeover. These attackers can send requests to wp-admin/admin-ajax.php to call the miglaA_update_me action to change arbitrary options on affected sites. This can be used to enable new user registration and set the default role for new users to Administrator." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.wordfence.com/blog/2019/01/wordpress-sites-compromised-via-zero-day-vulnerabilities-in-total-donations-plugin/", + "refsource": "MISC", + "url": "https://www.wordfence.com/blog/2019/01/wordpress-sites-compromised-via-zero-day-vulnerabilities-in-total-donations-plugin/" + }, + { + "name": "https://wpvulndb.com/vulnerabilities/9208", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/9208" + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6740.json b/2019/6xxx/CVE-2019-6740.json index af77d6d2a56..94d5a39d8ff 100644 --- a/2019/6xxx/CVE-2019-6740.json +++ b/2019/6xxx/CVE-2019-6740.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6740", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6740", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6753.json b/2019/6xxx/CVE-2019-6753.json index bc0bf25270c..875cda6e237 100644 --- a/2019/6xxx/CVE-2019-6753.json +++ b/2019/6xxx/CVE-2019-6753.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6753", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6753", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6835.json b/2019/6xxx/CVE-2019-6835.json index e4825daed39..4ddf075a27d 100644 --- a/2019/6xxx/CVE-2019-6835.json +++ b/2019/6xxx/CVE-2019-6835.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6835", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6835", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7021.json b/2019/7xxx/CVE-2019-7021.json index 98e37fd6d14..e6ec505a3a5 100644 --- a/2019/7xxx/CVE-2019-7021.json +++ b/2019/7xxx/CVE-2019-7021.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7021", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7021", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7023.json b/2019/7xxx/CVE-2019-7023.json index fcb48e951e2..1cccb89b478 100644 --- a/2019/7xxx/CVE-2019-7023.json +++ b/2019/7xxx/CVE-2019-7023.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7023", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7023", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7119.json b/2019/7xxx/CVE-2019-7119.json index 890f49e8ccf..e87f7c20fd6 100644 --- a/2019/7xxx/CVE-2019-7119.json +++ b/2019/7xxx/CVE-2019-7119.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7119", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7119", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7395.json b/2019/7xxx/CVE-2019-7395.json index f78966206ae..24577ebf3ba 100644 --- a/2019/7xxx/CVE-2019-7395.json +++ b/2019/7xxx/CVE-2019-7395.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7395", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coders/psd.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7395", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/commit/8a43abefb38c5e29138e1c9c515b313363541c06", - "refsource" : "MISC", - "url" : "https://github.com/ImageMagick/ImageMagick/commit/8a43abefb38c5e29138e1c9c515b313363541c06" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/1451", - "refsource" : "MISC", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/1451" - }, - { - "name" : "106850", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106850" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coders/psd.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ImageMagick/ImageMagick/commit/8a43abefb38c5e29138e1c9c515b313363541c06", + "refsource": "MISC", + "url": "https://github.com/ImageMagick/ImageMagick/commit/8a43abefb38c5e29138e1c9c515b313363541c06" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/1451", + "refsource": "MISC", + "url": "https://github.com/ImageMagick/ImageMagick/issues/1451" + }, + { + "name": "106850", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106850" + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7576.json b/2019/7xxx/CVE-2019-7576.json index 36216d78edf..52b0e935e98 100644 --- a/2019/7xxx/CVE-2019-7576.json +++ b/2019/7xxx/CVE-2019-7576.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7576", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7576", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20190313 [SECURITY] [DLA 1713-1] libsdl1.2 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html" - }, - { - "name" : "[debian-lts-announce] 20190313 [SECURITY] [DLA 1714-1] libsdl2 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html" - }, - { - "name" : "https://bugzilla.libsdl.org/show_bug.cgi?id=4490", - "refsource" : "MISC", - "url" : "https://bugzilla.libsdl.org/show_bug.cgi?id=4490" - }, - { - "name" : "https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720", - "refsource" : "MISC", - "url" : "https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20190313 [SECURITY] [DLA 1714-1] libsdl2 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html" + }, + { + "name": "https://bugzilla.libsdl.org/show_bug.cgi?id=4490", + "refsource": "MISC", + "url": "https://bugzilla.libsdl.org/show_bug.cgi?id=4490" + }, + { + "name": "[debian-lts-announce] 20190313 [SECURITY] [DLA 1713-1] libsdl1.2 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html" + }, + { + "name": "https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720", + "refsource": "MISC", + "url": "https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720" + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8060.json b/2019/8xxx/CVE-2019-8060.json index d599445f8ce..dce24d42c40 100644 --- a/2019/8xxx/CVE-2019-8060.json +++ b/2019/8xxx/CVE-2019-8060.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8060", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8060", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8389.json b/2019/8xxx/CVE-2019-8389.json index 7f3d7f3d1fe..c3f4f4c9885 100644 --- a/2019/8xxx/CVE-2019-8389.json +++ b/2019/8xxx/CVE-2019-8389.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8389", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A file-read vulnerability was identified in the Wi-Fi transfer feature of Musicloud 1.6. By default, the application runs a transfer service on port 8080, accessible by everyone on the same Wi-Fi network. An attacker can send the POST parameters downfiles and cur-folder (with a crafted ../ payload) to the download.script endpoint. This will create a MusicPlayerArchive.zip archive that is publicly accessible and includes the content of any requested file (such as the /etc/passwd file)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8389", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gist.github.com/shawarkhanethicalhacker/b98c5ac7491cf77732c793ecc468f465", - "refsource" : "MISC", - "url" : "https://gist.github.com/shawarkhanethicalhacker/b98c5ac7491cf77732c793ecc468f465" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A file-read vulnerability was identified in the Wi-Fi transfer feature of Musicloud 1.6. By default, the application runs a transfer service on port 8080, accessible by everyone on the same Wi-Fi network. An attacker can send the POST parameters downfiles and cur-folder (with a crafted ../ payload) to the download.script endpoint. This will create a MusicPlayerArchive.zip archive that is publicly accessible and includes the content of any requested file (such as the /etc/passwd file)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gist.github.com/shawarkhanethicalhacker/b98c5ac7491cf77732c793ecc468f465", + "refsource": "MISC", + "url": "https://gist.github.com/shawarkhanethicalhacker/b98c5ac7491cf77732c793ecc468f465" + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8801.json b/2019/8xxx/CVE-2019-8801.json index 438ccc500db..d39929eb9fb 100644 --- a/2019/8xxx/CVE-2019-8801.json +++ b/2019/8xxx/CVE-2019-8801.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8801", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8801", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8815.json b/2019/8xxx/CVE-2019-8815.json index 64675dbebfe..1b71feabd8c 100644 --- a/2019/8xxx/CVE-2019-8815.json +++ b/2019/8xxx/CVE-2019-8815.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8815", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8815", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8841.json b/2019/8xxx/CVE-2019-8841.json index 61640d058b0..2e57bbe664b 100644 --- a/2019/8xxx/CVE-2019-8841.json +++ b/2019/8xxx/CVE-2019-8841.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8841", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8841", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9788.json b/2019/9xxx/CVE-2019-9788.json index 5fbe3b1d0a4..c5e671cbb8c 100644 --- a/2019/9xxx/CVE-2019-9788.json +++ b/2019/9xxx/CVE-2019-9788.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9788", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9788", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file