diff --git a/2007/0xxx/CVE-2007-0239.json b/2007/0xxx/CVE-2007-0239.json index 0120d8dc62d..973a1ab361c 100644 --- a/2007/0xxx/CVE-2007-0239.json +++ b/2007/0xxx/CVE-2007-0239.json @@ -1,182 +1,182 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0239", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenOffice.org (OOo) Office Suite allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a prepared link in a crafted document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0239", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://issues.foresightlinux.org/browse/FL-211", - "refsource" : "CONFIRM", - "url" : "https://issues.foresightlinux.org/browse/FL-211" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-1118", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-1118" - }, - { - "name" : "DSA-1270", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1270" - }, - { - "name" : "GLSA-200704-12", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200704-12.xml" - }, - { - "name" : "MDKSA-2007:073", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:073" - }, - { - "name" : "RHSA-2007:0033", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0033.html" - }, - { - "name" : "RHSA-2007:0069", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0069.html" - }, - { - "name" : "102807", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102807-1" - }, - { - "name" : "SUSE-SA:2007:023", - "refsource" : "SUSE", - "url" : "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0007.html" - }, - { - "name" : "USN-444-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-444-1" - }, - { - "name" : "22812", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22812" - }, - { - "name" : "oval:org.mitre.oval:def:11422", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11422" - }, - { - "name" : "ADV-2007-1032", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1032" - }, - { - "name" : "ADV-2007-1117", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1117" - }, - { - "name" : "1017799", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1017799" - }, - { - "name" : "24465", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24465" - }, - { - "name" : "24550", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24550" - }, - { - "name" : "24646", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24646" - }, - { - "name" : "24647", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24647" - }, - { - "name" : "24676", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24676" - }, - { - "name" : "24810", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24810" - }, - { - "name" : "24906", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24906" - }, - { - "name" : "24588", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24588" - }, - { - "name" : "24613", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24613" - }, - { - "name" : "openoffice-shell-command-execution(33113)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33113" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenOffice.org (OOo) Office Suite allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a prepared link in a crafted document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-200704-12", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200704-12.xml" + }, + { + "name": "24588", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24588" + }, + { + "name": "https://issues.foresightlinux.org/browse/FL-211", + "refsource": "CONFIRM", + "url": "https://issues.foresightlinux.org/browse/FL-211" + }, + { + "name": "22812", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22812" + }, + { + "name": "24810", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24810" + }, + { + "name": "SUSE-SA:2007:023", + "refsource": "SUSE", + "url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0007.html" + }, + { + "name": "RHSA-2007:0033", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0033.html" + }, + { + "name": "ADV-2007-1032", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1032" + }, + { + "name": "USN-444-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-444-1" + }, + { + "name": "24613", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24613" + }, + { + "name": "24676", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24676" + }, + { + "name": "24550", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24550" + }, + { + "name": "24465", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24465" + }, + { + "name": "DSA-1270", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1270" + }, + { + "name": "MDKSA-2007:073", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:073" + }, + { + "name": "openoffice-shell-command-execution(33113)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33113" + }, + { + "name": "24646", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24646" + }, + { + "name": "1017799", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1017799" + }, + { + "name": "RHSA-2007:0069", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0069.html" + }, + { + "name": "102807", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102807-1" + }, + { + "name": "24647", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24647" + }, + { + "name": "ADV-2007-1117", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1117" + }, + { + "name": "oval:org.mitre.oval:def:11422", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11422" + }, + { + "name": "24906", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24906" + }, + { + "name": "https://issues.rpath.com/browse/RPL-1118", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-1118" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0467.json b/2007/0xxx/CVE-2007-0467.json index 2aa94c8a70e..8ecef2bbe4e 100644 --- a/2007/0xxx/CVE-2007-0467.json +++ b/2007/0xxx/CVE-2007-0467.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0467", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "crashdump in Apple Mac OS X 10.4.8 allows local users in the admin group to modify arbitrary files or gain privileges via a symlink attack on application logs in /Library/Logs/CrashReporter/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0467", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://projects.info-pull.com/moab/MOAB-28-01-2007.html", - "refsource" : "MISC", - "url" : "http://projects.info-pull.com/moab/MOAB-28-01-2007.html" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=305214", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=305214" - }, - { - "name" : "APPLE-SA-2007-03-13", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html" - }, - { - "name" : "TA07-072A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-072A.html" - }, - { - "name" : "VU#363112", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/363112" - }, - { - "name" : "ADV-2007-0930", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0930" - }, - { - "name" : "32706", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/32706" - }, - { - "name" : "1017751", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1017751" - }, - { - "name" : "24479", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24479" - }, - { - "name" : "macos-crashreporterd-privilege-escalation(31888)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31888" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "crashdump in Apple Mac OS X 10.4.8 allows local users in the admin group to modify arbitrary files or gain privileges via a symlink attack on application logs in /Library/Logs/CrashReporter/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "macos-crashreporterd-privilege-escalation(31888)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31888" + }, + { + "name": "TA07-072A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html" + }, + { + "name": "APPLE-SA-2007-03-13", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=305214", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=305214" + }, + { + "name": "1017751", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1017751" + }, + { + "name": "http://projects.info-pull.com/moab/MOAB-28-01-2007.html", + "refsource": "MISC", + "url": "http://projects.info-pull.com/moab/MOAB-28-01-2007.html" + }, + { + "name": "ADV-2007-0930", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0930" + }, + { + "name": "32706", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/32706" + }, + { + "name": "VU#363112", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/363112" + }, + { + "name": "24479", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24479" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0496.json b/2007/0xxx/CVE-2007-0496.json index e0ddfda9913..f1cedd087ee 100644 --- a/2007/0xxx/CVE-2007-0496.json +++ b/2007/0xxx/CVE-2007-0496.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0496", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs Website (nlws) 3.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the g_strRootDir parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0496", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3163", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3163" - }, - { - "name" : "ADV-2007-0268", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0268" - }, - { - "name" : "36797", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36797" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs Website (nlws) 3.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the g_strRootDir parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36797", + "refsource": "OSVDB", + "url": "http://osvdb.org/36797" + }, + { + "name": "3163", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3163" + }, + { + "name": "ADV-2007-0268", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0268" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3087.json b/2007/3xxx/CVE-2007-3087.json index 3edb9a67898..57c42611bf2 100644 --- a/2007/3xxx/CVE-2007-3087.json +++ b/2007/3xxx/CVE-2007-3087.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3087", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Peercast places a cleartext password in a query string, which might allow attackers to obtain sensitive information by sniffing the network, or obtaining Referer or browser history information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3087", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070604 2007-06-03: PeerCast streaming server submits cleartext password", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/470455/100/0/threaded" - }, - { - "name" : "42055", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/42055" - }, - { - "name" : "2774", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2774" - }, - { - "name" : "peercast-password-information-disclosure(34713)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34713" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Peercast places a cleartext password in a query string, which might allow attackers to obtain sensitive information by sniffing the network, or obtaining Referer or browser history information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42055", + "refsource": "OSVDB", + "url": "http://osvdb.org/42055" + }, + { + "name": "peercast-password-information-disclosure(34713)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34713" + }, + { + "name": "20070604 2007-06-03: PeerCast streaming server submits cleartext password", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/470455/100/0/threaded" + }, + { + "name": "2774", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2774" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3104.json b/2007/3xxx/CVE-2007-3104.json index ec8f0a66b59..83054a4a975 100644 --- a/2007/3xxx/CVE-2007-3104.json +++ b/2007/3xxx/CVE-2007-3104.json @@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3104", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The sysfs_readdir function in the Linux kernel 2.6, as used in Red Hat Enterprise Linux (RHEL) 4.5 and other distributions, allows users to cause a denial of service (kernel OOPS) by dereferencing a null pointer to an inode in a dentry." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2007-3104", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=242558", - "refsource" : "MISC", - "url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=242558" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-287.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-287.htm" - }, - { - "name" : "DSA-1428", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1428" - }, - { - "name" : "RHSA-2007:0488", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2007-0488.html" - }, - { - "name" : "RHSA-2008:0089", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0089.html" - }, - { - "name" : "SUSE-SA:2007:064", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00001.html" - }, - { - "name" : "USN-510-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-510-1" - }, - { - "name" : "USN-508-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-508-1" - }, - { - "name" : "USN-509-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-509-1" - }, - { - "name" : "24631", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24631" - }, - { - "name" : "37115", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37115" - }, - { - "name" : "oval:org.mitre.oval:def:11233", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11233" - }, - { - "name" : "1018289", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018289" - }, - { - "name" : "25771", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25771" - }, - { - "name" : "25838", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25838" - }, - { - "name" : "26289", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26289" - }, - { - "name" : "26643", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26643" - }, - { - "name" : "26651", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26651" - }, - { - "name" : "27912", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27912" - }, - { - "name" : "28033", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28033" - }, - { - "name" : "28643", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28643" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The sysfs_readdir function in the Linux kernel 2.6, as used in Red Hat Enterprise Linux (RHEL) 4.5 and other distributions, allows users to cause a denial of service (kernel OOPS) by dereferencing a null pointer to an inode in a dentry." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1018289", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018289" + }, + { + "name": "26643", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26643" + }, + { + "name": "28643", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28643" + }, + { + "name": "oval:org.mitre.oval:def:11233", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11233" + }, + { + "name": "26651", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26651" + }, + { + "name": "26289", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26289" + }, + { + "name": "25838", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25838" + }, + { + "name": "USN-510-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-510-1" + }, + { + "name": "USN-509-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-509-1" + }, + { + "name": "24631", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24631" + }, + { + "name": "DSA-1428", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1428" + }, + { + "name": "27912", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27912" + }, + { + "name": "25771", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25771" + }, + { + "name": "28033", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28033" + }, + { + "name": "37115", + "refsource": "OSVDB", + "url": "http://osvdb.org/37115" + }, + { + "name": "SUSE-SA:2007:064", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00001.html" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-287.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-287.htm" + }, + { + "name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=242558", + "refsource": "MISC", + "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=242558" + }, + { + "name": "RHSA-2008:0089", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0089.html" + }, + { + "name": "USN-508-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-508-1" + }, + { + "name": "RHSA-2007:0488", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2007-0488.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3380.json b/2007/3xxx/CVE-2007-3380.json index 55e189a58aa..b11874a0714 100644 --- a/2007/3xxx/CVE-2007-3380.json +++ b/2007/3xxx/CVE-2007-3380.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3380", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Distributed Lock Manager (DLM) in the cluster manager for Linux kernel 2.6.15 allows remote attackers to cause a denial of service (loss of lock services) by connecting to the DLM port, which probably prevents other processes from accessing the service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2007-3380", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "RHSA-2007:0940", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0940.html" - }, - { - "name" : "USN-489-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-489-1" - }, - { - "name" : "USN-489-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-489-2" - }, - { - "name" : "24968", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24968" - }, - { - "name" : "37109", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37109" - }, - { - "name" : "oval:org.mitre.oval:def:9337", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9337" - }, - { - "name" : "26139", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26139" - }, - { - "name" : "27322", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27322" - }, - { - "name" : "clusterproject-dlm-dos(35516)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35516" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Distributed Lock Manager (DLM) in the cluster manager for Linux kernel 2.6.15 allows remote attackers to cause a denial of service (loss of lock services) by connecting to the DLM port, which probably prevents other processes from accessing the service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37109", + "refsource": "OSVDB", + "url": "http://osvdb.org/37109" + }, + { + "name": "RHSA-2007:0940", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0940.html" + }, + { + "name": "27322", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27322" + }, + { + "name": "clusterproject-dlm-dos(35516)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35516" + }, + { + "name": "USN-489-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-489-2" + }, + { + "name": "24968", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24968" + }, + { + "name": "USN-489-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-489-1" + }, + { + "name": "oval:org.mitre.oval:def:9337", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9337" + }, + { + "name": "26139", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26139" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3467.json b/2007/3xxx/CVE-2007-3467.json index 1b0a7dde3ae..b1a9927f469 100644 --- a/2007/3xxx/CVE-2007-3467.json +++ b/2007/3xxx/CVE-2007-3467.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3467", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the __status_Update function in stats.c VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a WAV file with a large sample rate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3467", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070621 VLC 0.8.6b format string vulnerability & integer overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/471933/100/0/threaded" - }, - { - "name" : "http://www.isecpartners.com/advisories/2007-001-vlc.txt", - "refsource" : "MISC", - "url" : "http://www.isecpartners.com/advisories/2007-001-vlc.txt" - }, - { - "name" : "DSA-1332", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1332" - }, - { - "name" : "42189", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/42189" - }, - { - "name" : "oval:org.mitre.oval:def:14863", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14863" - }, - { - "name" : "25980", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25980" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the __status_Update function in stats.c VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a WAV file with a large sample rate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070621 VLC 0.8.6b format string vulnerability & integer overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/471933/100/0/threaded" + }, + { + "name": "42189", + "refsource": "OSVDB", + "url": "http://osvdb.org/42189" + }, + { + "name": "http://www.isecpartners.com/advisories/2007-001-vlc.txt", + "refsource": "MISC", + "url": "http://www.isecpartners.com/advisories/2007-001-vlc.txt" + }, + { + "name": "oval:org.mitre.oval:def:14863", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14863" + }, + { + "name": "DSA-1332", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1332" + }, + { + "name": "25980", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25980" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3669.json b/2007/3xxx/CVE-2007-3669.json index 44f563c39f7..e42cd107af5 100644 --- a/2007/3xxx/CVE-2007-3669.json +++ b/2007/3xxx/CVE-2007-3669.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3669", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in the Innovasys DockStudioXP InnovaDSXP2.OCX ActiveX Control have unspecified attack vectors and impact, including a denial of service via \"improper use\" of the SaveToFile function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3669", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070707 [Eleytt] 7LIPIEC2007", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/473187" - }, - { - "name" : "24834", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24834" - }, - { - "name" : "43960", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/43960" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in the Innovasys DockStudioXP InnovaDSXP2.OCX ActiveX Control have unspecified attack vectors and impact, including a denial of service via \"improper use\" of the SaveToFile function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43960", + "refsource": "OSVDB", + "url": "http://osvdb.org/43960" + }, + { + "name": "20070707 [Eleytt] 7LIPIEC2007", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/473187" + }, + { + "name": "24834", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24834" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3708.json b/2007/3xxx/CVE-2007-3708.json index 25eac40897f..5f5c7eb8a32 100644 --- a/2007/3xxx/CVE-2007-3708.json +++ b/2007/3xxx/CVE-2007-3708.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3708", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in CodeIgniter 1.5.3 before 20070626 allows remote attackers to inject arbitrary web script or HTML via (1) String.fromCharCode and (2) malformed nested tag manipulations in an unspecified component, related to insufficient sanitization by the xss_clean function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3708", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070708 CodeIgniter 1.5.3 vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/473190/100/0/threaded" - }, - { - "name" : "20070709 CodeIgniter 1.5.3 vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064500.html" - }, - { - "name" : "37907", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37907" - }, - { - "name" : "25991", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25991" - }, - { - "name" : "2877", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2877" - }, - { - "name" : "codeigniter-xssclean-xss(35350)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35350" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in CodeIgniter 1.5.3 before 20070626 allows remote attackers to inject arbitrary web script or HTML via (1) String.fromCharCode and (2) malformed nested tag manipulations in an unspecified component, related to insufficient sanitization by the xss_clean function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37907", + "refsource": "OSVDB", + "url": "http://osvdb.org/37907" + }, + { + "name": "25991", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25991" + }, + { + "name": "codeigniter-xssclean-xss(35350)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35350" + }, + { + "name": "20070709 CodeIgniter 1.5.3 vulnerabilities", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064500.html" + }, + { + "name": "20070708 CodeIgniter 1.5.3 vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/473190/100/0/threaded" + }, + { + "name": "2877", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2877" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4196.json b/2007/4xxx/CVE-2007-4196.json index b6d2c9241b6..fe0304953da 100644 --- a/2007/4xxx/CVE-2007-4196.json +++ b/2007/4xxx/CVE-2007-4196.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4196", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "icat in Brian Carrier The Sleuth Kit (TSK) before 2.09 misinterprets a certain memory location as the holder of a loop iteration count, which allows user-assisted remote attackers to cause a denial of service (long loop) and prevent examination of certain NTFS files via a malformed NTFS image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4196", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070726 Re: Guidance Software response to iSEC report on EnCase", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/474809/100/0/threaded" - }, - { - "name" : "20070802 RE: Re: Guidance Software response to iSEC report on EnCase", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/475335/100/0/threaded" - }, - { - "name" : "[sleuthkit-announce] 20070614 TSK 2.09 Released and new Wiki", - "refsource" : "MLIST", - "url" : "http://sourceforge.net/mailarchive/message.php?msg_name=A19F11EF-13CA-4940-AFF3-9BE08F67EE22%40sleuthkit.org" - }, - { - "name" : "http://www.isecpartners.com/files/iSEC-Breaking_Forensics_Software-Paper.v1_1.BH2007.pdf", - "refsource" : "MISC", - "url" : "http://www.isecpartners.com/files/iSEC-Breaking_Forensics_Software-Paper.v1_1.BH2007.pdf" - }, - { - "name" : "25181", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25181" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "icat in Brian Carrier The Sleuth Kit (TSK) before 2.09 misinterprets a certain memory location as the holder of a loop iteration count, which allows user-assisted remote attackers to cause a denial of service (long loop) and prevent examination of certain NTFS files via a malformed NTFS image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070726 Re: Guidance Software response to iSEC report on EnCase", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/474809/100/0/threaded" + }, + { + "name": "25181", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25181" + }, + { + "name": "20070802 RE: Re: Guidance Software response to iSEC report on EnCase", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/475335/100/0/threaded" + }, + { + "name": "[sleuthkit-announce] 20070614 TSK 2.09 Released and new Wiki", + "refsource": "MLIST", + "url": "http://sourceforge.net/mailarchive/message.php?msg_name=A19F11EF-13CA-4940-AFF3-9BE08F67EE22%40sleuthkit.org" + }, + { + "name": "http://www.isecpartners.com/files/iSEC-Breaking_Forensics_Software-Paper.v1_1.BH2007.pdf", + "refsource": "MISC", + "url": "http://www.isecpartners.com/files/iSEC-Breaking_Forensics_Software-Paper.v1_1.BH2007.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4226.json b/2007/4xxx/CVE-2007-4226.json index fd137e8e604..6f743dce4a7 100644 --- a/2007/4xxx/CVE-2007-4226.json +++ b/2007/4xxx/CVE-2007-4226.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4226", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the BlueCat Networks Proteus IPAM appliance 2.0.2.0 (Adonis DNS/DHCP appliance 5.0.2.8) allows remote authenticated administrators, with certain TFTP privileges, to create and overwrite arbitrary files via a .. (dot dot) in a pathname. NOTE: this can be leveraged for administrative access by overwriting /etc/shadow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4226", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070806 TS-2007-002-0: BlueCat Networks Adonis root Privilege Access", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/475667/100/0/threaded" - }, - { - "name" : "20070809 Re: TS-2007-002-0: BlueCat Networks Adonis root Privilege Access", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=118669433531027&w=2" - }, - { - "name" : "25214", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25214" - }, - { - "name" : "ADV-2007-2840", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2840" - }, - { - "name" : "39397", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39397" - }, - { - "name" : "1018521", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1018521" - }, - { - "name" : "26354", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26354" - }, - { - "name" : "2986", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2986" - }, - { - "name" : "adonis-tftp-privilege-escalation(35807)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35807" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the BlueCat Networks Proteus IPAM appliance 2.0.2.0 (Adonis DNS/DHCP appliance 5.0.2.8) allows remote authenticated administrators, with certain TFTP privileges, to create and overwrite arbitrary files via a .. (dot dot) in a pathname. NOTE: this can be leveraged for administrative access by overwriting /etc/shadow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1018521", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1018521" + }, + { + "name": "adonis-tftp-privilege-escalation(35807)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35807" + }, + { + "name": "25214", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25214" + }, + { + "name": "ADV-2007-2840", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2840" + }, + { + "name": "2986", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2986" + }, + { + "name": "20070809 Re: TS-2007-002-0: BlueCat Networks Adonis root Privilege Access", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=118669433531027&w=2" + }, + { + "name": "20070806 TS-2007-002-0: BlueCat Networks Adonis root Privilege Access", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/475667/100/0/threaded" + }, + { + "name": "39397", + "refsource": "OSVDB", + "url": "http://osvdb.org/39397" + }, + { + "name": "26354", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26354" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4531.json b/2007/4xxx/CVE-2007-4531.json index 4c563d2a0de..d815193e9b6 100644 --- a/2007/4xxx/CVE-2007-4531.json +++ b/2007/4xxx/CVE-2007-4531.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4531", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Soldat game server 1.4.2 and earlier, and dedicated server 2.6.2 and earlier, allows remote attackers to cause a client denial of service (crash) via (1) a long string to the file transfer port or (2) a long chat message, or (3) a server denial of service (continuous beep and slowdown) via a string containing many 0x07 or other control characters to the file transfer port." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4531", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070823 Multiple denial of service in Soldat 1.4.2/2.6.2", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/477624/100/0/threaded" - }, - { - "name" : "http://aluigi.altervista.org/adv/soldatdos-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/soldatdos-adv.txt" - }, - { - "name" : "http://aluigi.org/poc/soldatdos.zip", - "refsource" : "MISC", - "url" : "http://aluigi.org/poc/soldatdos.zip" - }, - { - "name" : "25426", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25426" - }, - { - "name" : "26564", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26564" - }, - { - "name" : "soldat-message-dos(36230)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36230" - }, - { - "name" : "soldat-server-ftp-dos(36231)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36231" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Soldat game server 1.4.2 and earlier, and dedicated server 2.6.2 and earlier, allows remote attackers to cause a client denial of service (crash) via (1) a long string to the file transfer port or (2) a long chat message, or (3) a server denial of service (continuous beep and slowdown) via a string containing many 0x07 or other control characters to the file transfer port." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26564", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26564" + }, + { + "name": "20070823 Multiple denial of service in Soldat 1.4.2/2.6.2", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/477624/100/0/threaded" + }, + { + "name": "soldat-message-dos(36230)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36230" + }, + { + "name": "25426", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25426" + }, + { + "name": "http://aluigi.org/poc/soldatdos.zip", + "refsource": "MISC", + "url": "http://aluigi.org/poc/soldatdos.zip" + }, + { + "name": "http://aluigi.altervista.org/adv/soldatdos-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/soldatdos-adv.txt" + }, + { + "name": "soldat-server-ftp-dos(36231)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36231" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4923.json b/2007/4xxx/CVE-2007-4923.json index 1e07866a638..371ab4e79cc 100644 --- a/2007/4xxx/CVE-2007-4923.json +++ b/2007/4xxx/CVE-2007-4923.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4923", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in admin.joomlaradiov5.php in the Joomla Radio 5 (com_joomlaradiov5) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4923", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4401", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4401" - }, - { - "name" : "25664", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25664" - }, - { - "name" : "ADV-2007-3173", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3173" - }, - { - "name" : "37028", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/37028" - }, - { - "name" : "26809", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26809" - }, - { - "name" : "joomlaradio-admin-file-include(36603)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36603" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in admin.joomlaradiov5.php in the Joomla Radio 5 (com_joomlaradiov5) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25664", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25664" + }, + { + "name": "26809", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26809" + }, + { + "name": "joomlaradio-admin-file-include(36603)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36603" + }, + { + "name": "ADV-2007-3173", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3173" + }, + { + "name": "4401", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4401" + }, + { + "name": "37028", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/37028" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6491.json b/2007/6xxx/CVE-2007-6491.json index 57b6fa32b81..3fb15a1d0a5 100644 --- a/2007/6xxx/CVE-2007-6491.json +++ b/2007/6xxx/CVE-2007-6491.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6491", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Kvaliitti WebDoc 3.0 CMS allow remote attackers to execute arbitrary SQL commands via (1) the cat_id parameter to categories.asp; and probably (2) the document_id parameter to categories.asp, and the (3) cat_id and (4) document_id parameters to subcategory.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6491", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071207 Kvaliitti WebDoc 3.0 CMS SQL Injection vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/484758/100/100/threaded" - }, - { - "name" : "43709", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/43709" - }, - { - "name" : "43710", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/43710" - }, - { - "name" : "3473", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3473" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Kvaliitti WebDoc 3.0 CMS allow remote attackers to execute arbitrary SQL commands via (1) the cat_id parameter to categories.asp; and probably (2) the document_id parameter to categories.asp, and the (3) cat_id and (4) document_id parameters to subcategory.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3473", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3473" + }, + { + "name": "20071207 Kvaliitti WebDoc 3.0 CMS SQL Injection vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/484758/100/100/threaded" + }, + { + "name": "43709", + "refsource": "OSVDB", + "url": "http://osvdb.org/43709" + }, + { + "name": "43710", + "refsource": "OSVDB", + "url": "http://osvdb.org/43710" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5452.json b/2014/5xxx/CVE-2014-5452.json index da7ae878c1d..4b16dba3432 100644 --- a/2014/5xxx/CVE-2014-5452.json +++ b/2014/5xxx/CVE-2014-5452.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5452", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CDA.xsl in HL7 C-CDA 1.1 and earlier does not anticipate the possibility of invalid C-CDA documents with crafted XML attributes, which allows remote attackers to conduct XSS attacks via a document containing a table that is improperly handled during unrestricted xsl:copy operations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5452", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://smartplatforms.org/2014/04/security-vulnerabilities-in-ccda-display/", - "refsource" : "MISC", - "url" : "http://smartplatforms.org/2014/04/security-vulnerabilities-in-ccda-display/" - }, - { - "name" : "http://gforge.hl7.org/gf/project/strucdoc/frs/?action=FrsReleaseView&release_id=1088", - "refsource" : "CONFIRM", - "url" : "http://gforge.hl7.org/gf/project/strucdoc/frs/?action=FrsReleaseView&release_id=1088" - }, - { - "name" : "http://motorcycleguy.blogspot.com/2014/04/hl7-cda-stylesheet-patches.html", - "refsource" : "CONFIRM", - "url" : "http://motorcycleguy.blogspot.com/2014/04/hl7-cda-stylesheet-patches.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21699588", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21699588" - }, - { - "name" : "69633", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69633" - }, - { - "name" : "1033511", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033511" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CDA.xsl in HL7 C-CDA 1.1 and earlier does not anticipate the possibility of invalid C-CDA documents with crafted XML attributes, which allows remote attackers to conduct XSS attacks via a document containing a table that is improperly handled during unrestricted xsl:copy operations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://motorcycleguy.blogspot.com/2014/04/hl7-cda-stylesheet-patches.html", + "refsource": "CONFIRM", + "url": "http://motorcycleguy.blogspot.com/2014/04/hl7-cda-stylesheet-patches.html" + }, + { + "name": "69633", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69633" + }, + { + "name": "http://gforge.hl7.org/gf/project/strucdoc/frs/?action=FrsReleaseView&release_id=1088", + "refsource": "CONFIRM", + "url": "http://gforge.hl7.org/gf/project/strucdoc/frs/?action=FrsReleaseView&release_id=1088" + }, + { + "name": "http://smartplatforms.org/2014/04/security-vulnerabilities-in-ccda-display/", + "refsource": "MISC", + "url": "http://smartplatforms.org/2014/04/security-vulnerabilities-in-ccda-display/" + }, + { + "name": "1033511", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033511" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21699588", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699588" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2450.json b/2015/2xxx/CVE-2015-2450.json index cf91054abb3..0d4aa4fcf8f 100644 --- a/2015/2xxx/CVE-2015-2450.json +++ b/2015/2xxx/CVE-2015-2450.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2450", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-2451." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-2450", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-079", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-079" - }, - { - "name" : "76190", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76190" - }, - { - "name" : "1033237", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033237" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-2451." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033237", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033237" + }, + { + "name": "MS15-079", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-079" + }, + { + "name": "76190", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76190" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2822.json b/2015/2xxx/CVE-2015-2822.json index 916ee695ab8..140149ac5c9 100644 --- a/2015/2xxx/CVE-2015-2822.json +++ b/2015/2xxx/CVE-2015-2822.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2822", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Siemens SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2 and SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2 allow man-in-the-middle attackers to cause a denial of service via crafted packets on TCP port 102." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2822", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-487246.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-487246.pdf" - }, - { - "name" : "74028", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74028" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Siemens SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2 and SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2 allow man-in-the-middle attackers to cause a denial of service via crafted packets on TCP port 102." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "74028", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74028" + }, + { + "name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-487246.pdf", + "refsource": "CONFIRM", + "url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-487246.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2883.json b/2015/2xxx/CVE-2015-2883.json index 972b5b59b0f..2a6a45a38c1 100644 --- a/2015/2xxx/CVE-2015-2883.json +++ b/2015/2xxx/CVE-2015-2883.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2015-2883", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Philips In.Sight B120/37", - "version" : { - "version_data" : [ - { - "version_value" : "Philips In.Sight B120/37" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Philips In.Sight B120/37 has XSS, related to the Weaved cloud web service, as demonstrated by the name parameter to deviceSettings.php or shareDevice.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "XSS" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2015-2883", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Philips In.Sight B120/37", + "version": { + "version_data": [ + { + "version_value": "Philips In.Sight B120/37" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://community.rapid7.com/community/infosec/blog/2015/09/02/iotsec-disclosure-10-new-vulns-for-several-video-baby-monitors", - "refsource" : "MISC", - "url" : "https://community.rapid7.com/community/infosec/blog/2015/09/02/iotsec-disclosure-10-new-vulns-for-several-video-baby-monitors" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Philips In.Sight B120/37 has XSS, related to the Weaved cloud web service, as demonstrated by the name parameter to deviceSettings.php or shareDevice.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://community.rapid7.com/community/infosec/blog/2015/09/02/iotsec-disclosure-10-new-vulns-for-several-video-baby-monitors", + "refsource": "MISC", + "url": "https://community.rapid7.com/community/infosec/blog/2015/09/02/iotsec-disclosure-10-new-vulns-for-several-video-baby-monitors" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2916.json b/2015/2xxx/CVE-2015-2916.json index 72ad12f25f7..8696de15a74 100644 --- a/2015/2xxx/CVE-2015-2916.json +++ b/2015/2xxx/CVE-2015-2916.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2916", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability on Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M allows remote attackers to hijack the authentication of arbitrary users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2015-2916", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#906576", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/906576" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability on Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M allows remote attackers to hijack the authentication of arbitrary users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#906576", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/906576" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6105.json b/2015/6xxx/CVE-2015-6105.json index 361a3e84378..b1a794012a3 100644 --- a/2015/6xxx/CVE-2015-6105.json +++ b/2015/6xxx/CVE-2015-6105.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6105", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-6105", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6513.json b/2015/6xxx/CVE-2015-6513.json index 3a875224d79..d9e06404685 100644 --- a/2015/6xxx/CVE-2015-6513.json +++ b/2015/6xxx/CVE-2015-6513.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6513", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in the J2Store (com_j2store) extension before 3.1.7 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) sortby or (2) manufacturer_ids[] parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-6513", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/132658/Joomla-J2Store-3.1.6-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/132658/Joomla-J2Store-3.1.6-SQL-Injection.html" - }, - { - "name" : "http://volatileminds.net/2015/07/07/j2store-316-sql-injection.html", - "refsource" : "MISC", - "url" : "http://volatileminds.net/2015/07/07/j2store-316-sql-injection.html" - }, - { - "name" : "http://j2store.org/download-j2store/j2store-v3-3-1-7.html", - "refsource" : "CONFIRM", - "url" : "http://j2store.org/download-j2store/j2store-v3-3-1-7.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in the J2Store (com_j2store) extension before 3.1.7 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) sortby or (2) manufacturer_ids[] parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/132658/Joomla-J2Store-3.1.6-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/132658/Joomla-J2Store-3.1.6-SQL-Injection.html" + }, + { + "name": "http://volatileminds.net/2015/07/07/j2store-316-sql-injection.html", + "refsource": "MISC", + "url": "http://volatileminds.net/2015/07/07/j2store-316-sql-injection.html" + }, + { + "name": "http://j2store.org/download-j2store/j2store-v3-3-1-7.html", + "refsource": "CONFIRM", + "url": "http://j2store.org/download-j2store/j2store-v3-3-1-7.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6711.json b/2015/6xxx/CVE-2015-6711.json index 739c1bbac34..faec90271c4 100644 --- a/2015/6xxx/CVE-2015-6711.json +++ b/2015/6xxx/CVE-2015-6711.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6711", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DoIdentityDialog method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-6707, CVE-2015-6708, CVE-2015-6709, CVE-2015-6710, CVE-2015-6712, CVE-2015-6713, CVE-2015-6714, CVE-2015-6715, CVE-2015-6716, CVE-2015-6717, CVE-2015-6718, CVE-2015-6719, CVE-2015-6720, CVE-2015-6721, CVE-2015-6722, CVE-2015-6723, CVE-2015-6724, CVE-2015-6725, CVE-2015-7614, CVE-2015-7616, CVE-2015-7618, CVE-2015-7619, CVE-2015-7620, and CVE-2015-7623." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-6711", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-485", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-485" - }, - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb15-24.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb15-24.html" - }, - { - "name" : "1033796", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033796" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The DoIdentityDialog method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-6707, CVE-2015-6708, CVE-2015-6709, CVE-2015-6710, CVE-2015-6712, CVE-2015-6713, CVE-2015-6714, CVE-2015-6715, CVE-2015-6716, CVE-2015-6717, CVE-2015-6718, CVE-2015-6719, CVE-2015-6720, CVE-2015-6721, CVE-2015-6722, CVE-2015-6723, CVE-2015-6724, CVE-2015-6725, CVE-2015-7614, CVE-2015-7616, CVE-2015-7618, CVE-2015-7619, CVE-2015-7620, and CVE-2015-7623." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-485", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-485" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb15-24.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb15-24.html" + }, + { + "name": "1033796", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033796" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6813.json b/2015/6xxx/CVE-2015-6813.json index efe73d53f1b..6b71966f6d7 100644 --- a/2015/6xxx/CVE-2015-6813.json +++ b/2015/6xxx/CVE-2015-6813.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6813", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-6813", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6898.json b/2015/6xxx/CVE-2015-6898.json index e7c2825b6e3..effbbb758c5 100644 --- a/2015/6xxx/CVE-2015-6898.json +++ b/2015/6xxx/CVE-2015-6898.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6898", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-6898", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7314.json b/2015/7xxx/CVE-2015-7314.json index 1515090a441..85150efd6ab 100644 --- a/2015/7xxx/CVE-2015-7314.json +++ b/2015/7xxx/CVE-2015-7314.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7314", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Precious module in gollum before 4.0.1 allows remote attackers to read arbitrary files by leveraging the lack of a certain temporary-file check." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-7314", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150922 Re: CVE Request: gollum information disclosure vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/09/22/12" - }, - { - "name" : "https://github.com/gollum/gollum/commit/ce68a88293ce3b18c261312392ad33a88bb69ea1", - "refsource" : "CONFIRM", - "url" : "https://github.com/gollum/gollum/commit/ce68a88293ce3b18c261312392ad33a88bb69ea1" - }, - { - "name" : "https://github.com/gollum/gollum/issues/1070", - "refsource" : "CONFIRM", - "url" : "https://github.com/gollum/gollum/issues/1070" - }, - { - "name" : "JVN#27548431", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN27548431/index.html" - }, - { - "name" : "JVNDB-2015-000149", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000149" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Precious module in gollum before 4.0.1 allows remote attackers to read arbitrary files by leveraging the lack of a certain temporary-file check." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/gollum/gollum/commit/ce68a88293ce3b18c261312392ad33a88bb69ea1", + "refsource": "CONFIRM", + "url": "https://github.com/gollum/gollum/commit/ce68a88293ce3b18c261312392ad33a88bb69ea1" + }, + { + "name": "JVN#27548431", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN27548431/index.html" + }, + { + "name": "JVNDB-2015-000149", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000149" + }, + { + "name": "https://github.com/gollum/gollum/issues/1070", + "refsource": "CONFIRM", + "url": "https://github.com/gollum/gollum/issues/1070" + }, + { + "name": "[oss-security] 20150922 Re: CVE Request: gollum information disclosure vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/09/22/12" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7559.json b/2015/7xxx/CVE-2015-7559.json index 85e0a1ef472..d4511a09fd5 100644 --- a/2015/7xxx/CVE-2015-7559.json +++ b/2015/7xxx/CVE-2015-7559.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7559", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-7559", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0133.json b/2016/0xxx/CVE-2016-0133.json index 26535fdcd93..df77039abdd 100644 --- a/2016/0xxx/CVE-2016-0133.json +++ b/2016/0xxx/CVE-2016-0133.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0133", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The USB Mass Storage Class driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows physically proximate attackers to execute arbitrary code by inserting a crafted USB device, aka \"USB Mass Storage Elevation of Privilege Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-0133", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-033", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-033" - }, - { - "name" : "84035", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/84035" - }, - { - "name" : "1035211", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035211" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The USB Mass Storage Class driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows physically proximate attackers to execute arbitrary code by inserting a crafted USB device, aka \"USB Mass Storage Elevation of Privilege Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS16-033", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-033" + }, + { + "name": "1035211", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035211" + }, + { + "name": "84035", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/84035" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0925.json b/2016/0xxx/CVE-2016-0925.json index c8017ea65c0..a048460ec7e 100644 --- a/2016/0xxx/CVE-2016-0925.json +++ b/2016/0xxx/CVE-2016-0925.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "ID" : "CVE-2016-0925", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Case Management application in EMC RSA Adaptive Authentication (On-Premise) before 6.0.2.1.SP3.P4 HF210, 7.0.x and 7.1.x before 7.1.0.0.SP0.P6 HF50, and 7.2.x before 7.2.0.0.SP0.P0 HF20 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2016-0925", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160920 ESA-2016-093: RSA Adaptive Authentication (On-Premise) Cross-Site Scripting Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2016/Sep/33" - }, - { - "name" : "93025", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93025" - }, - { - "name" : "1036851", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036851" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Case Management application in EMC RSA Adaptive Authentication (On-Premise) before 6.0.2.1.SP3.P4 HF210, 7.0.x and 7.1.x before 7.1.0.0.SP0.P6 HF50, and 7.2.x before 7.2.0.0.SP0.P0 HF20 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036851", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036851" + }, + { + "name": "20160920 ESA-2016-093: RSA Adaptive Authentication (On-Premise) Cross-Site Scripting Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2016/Sep/33" + }, + { + "name": "93025", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93025" + } + ] + } +} \ No newline at end of file diff --git a/2016/1000xxx/CVE-2016-1000237.json b/2016/1000xxx/CVE-2016-1000237.json index 6ea03f2e18d..3f4f14ca6f8 100644 --- a/2016/1000xxx/CVE-2016-1000237.json +++ b/2016/1000xxx/CVE-2016-1000237.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1000237", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-1000237", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10057.json b/2016/10xxx/CVE-2016-10057.json index 6e41a62dd35..669fb419e6a 100644 --- a/2016/10xxx/CVE-2016-10057.json +++ b/2016/10xxx/CVE-2016-10057.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10057", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the WriteGROUP4Image function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10057", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161226 Re: CVE requests for various ImageMagick issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/12/26/9" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1410466", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1410466" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1" - }, - { - "name" : "95192", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95192" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the WriteGROUP4Image function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ImageMagick/ImageMagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1410466", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1410466" + }, + { + "name": "95192", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95192" + }, + { + "name": "[oss-security] 20161226 Re: CVE requests for various ImageMagick issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/12/26/9" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10106.json b/2016/10xxx/CVE-2016-10106.json index a145af2032c..1ad8109ed92 100644 --- a/2016/10xxx/CVE-2016-10106.json +++ b/2016/10xxx/CVE-2016-10106.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10106", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in scgi-bin/platform.cgi on NETGEAR FVS336Gv3, FVS318N, FVS318Gv2, and SRX5308 devices with firmware before 4.3.3-8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the thispage parameter, as demonstrated by reading the /etc/shadow file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10106", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://twitter.com/mantislesin/status/816618162770821120", - "refsource" : "MISC", - "url" : "https://twitter.com/mantislesin/status/816618162770821120" - }, - { - "name" : "http://kb.netgear.com/30739/Path-Traversal-Attack-Security-Vulnerability", - "refsource" : "CONFIRM", - "url" : "http://kb.netgear.com/30739/Path-Traversal-Attack-Security-Vulnerability" - }, - { - "name" : "95204", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95204" - }, - { - "name" : "1037548", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037548" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in scgi-bin/platform.cgi on NETGEAR FVS336Gv3, FVS318N, FVS318Gv2, and SRX5308 devices with firmware before 4.3.3-8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the thispage parameter, as demonstrated by reading the /etc/shadow file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://kb.netgear.com/30739/Path-Traversal-Attack-Security-Vulnerability", + "refsource": "CONFIRM", + "url": "http://kb.netgear.com/30739/Path-Traversal-Attack-Security-Vulnerability" + }, + { + "name": "95204", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95204" + }, + { + "name": "1037548", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037548" + }, + { + "name": "https://twitter.com/mantislesin/status/816618162770821120", + "refsource": "MISC", + "url": "https://twitter.com/mantislesin/status/816618162770821120" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10193.json b/2016/10xxx/CVE-2016-10193.json index 49617d065fc..189345ec6af 100644 --- a/2016/10xxx/CVE-2016-10193.json +++ b/2016/10xxx/CVE-2016-10193.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10193", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The espeak-ruby gem before 1.0.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a string to the speak, save, bytes or bytes_wav method in lib/espeak/speech.rb." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10193", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170131 CVE requests: code injection in rubygem espeak-ruby and code injection in rubygem festivaltts4r", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/01/31/14" - }, - { - "name" : "[oss-security] 20170202 Re: CVE requests: code injection in rubygem espeak-ruby and code injection in rubygem festivaltts4r", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/02/02/5" - }, - { - "name" : "https://github.com/dejan/espeak-ruby/issues/7", - "refsource" : "CONFIRM", - "url" : "https://github.com/dejan/espeak-ruby/issues/7" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The espeak-ruby gem before 1.0.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a string to the speak, save, bytes or bytes_wav method in lib/espeak/speech.rb." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20170202 Re: CVE requests: code injection in rubygem espeak-ruby and code injection in rubygem festivaltts4r", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/02/02/5" + }, + { + "name": "[oss-security] 20170131 CVE requests: code injection in rubygem espeak-ruby and code injection in rubygem festivaltts4r", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/01/31/14" + }, + { + "name": "https://github.com/dejan/espeak-ruby/issues/7", + "refsource": "CONFIRM", + "url": "https://github.com/dejan/espeak-ruby/issues/7" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10241.json b/2016/10xxx/CVE-2016-10241.json index ea4e43226a9..e8c211fda57 100644 --- a/2016/10xxx/CVE-2016-10241.json +++ b/2016/10xxx/CVE-2016-10241.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10241", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10241", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10587.json b/2016/10xxx/CVE-2016-10587.json index c4e3eaffe5f..3e149f1baca 100644 --- a/2016/10xxx/CVE-2016-10587.json +++ b/2016/10xxx/CVE-2016-10587.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2016-10587", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "wasdk node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "wasdk is a toolkit for creating WebAssembly modules. wasdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Missing Encryption of Sensitive Data (CWE-311)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2016-10587", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "wasdk node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nodesecurity.io/advisories/179", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/179" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "wasdk is a toolkit for creating WebAssembly modules. wasdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing Encryption of Sensitive Data (CWE-311)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/179", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/179" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4395.json b/2016/4xxx/CVE-2016-4395.json index 11bceed33d9..bc50c2eefa6 100644 --- a/2016/4xxx/CVE-2016-4395.json +++ b/2016/4xxx/CVE-2016-4395.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "ID" : "CVE-2016-4395", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "HPE System Management Homepage before v7.6", - "version" : { - "version_data" : [ - { - "version_value" : "HPE System Management Homepage before v7.6" - } - ] - } - } - ] - }, - "vendor_name" : "HPE" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a \"Buffer Overflow\" issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "ID": "CVE-2016-4395", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HPE System Management Homepage before v7.6", + "version": { + "version_data": [ + { + "version_value": "HPE System Management Homepage before v7.6" + } + ] + } + } + ] + }, + "vendor_name": "HPE" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-587", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-587" - }, - { - "name" : "https://www.tenable.com/security/research/tra-2016-32", - "refsource" : "MISC", - "url" : "https://www.tenable.com/security/research/tra-2016-32" - }, - { - "name" : "https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05320149", - "refsource" : "CONFIRM", - "url" : "https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05320149" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" - }, - { - "name" : "93961", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93961" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a \"Buffer Overflow\" issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-587", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-587" + }, + { + "name": "93961", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93961" + }, + { + "name": "https://www.tenable.com/security/research/tra-2016-32", + "refsource": "MISC", + "url": "https://www.tenable.com/security/research/tra-2016-32" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" + }, + { + "name": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05320149", + "refsource": "CONFIRM", + "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05320149" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4482.json b/2016/4xxx/CVE-2016-4482.json index b000ab12766..e06a52bcd37 100644 --- a/2016/4xxx/CVE-2016-4482.json +++ b/2016/4xxx/CVE-2016-4482.json @@ -1,197 +1,197 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4482", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-4482", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160503 CVE Request: information leak in devio of Linux kernel", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/05/04/2" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=681fef8380eb818c0b845fca5d2ab1dcbab114ee", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=681fef8380eb818c0b845fca5d2ab1dcbab114ee" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1332931", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1332931" - }, - { - "name" : "https://github.com/torvalds/linux/commit/681fef8380eb818c0b845fca5d2ab1dcbab114ee", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/681fef8380eb818c0b845fca5d2ab1dcbab114ee" - }, - { - "name" : "DSA-3607", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3607" - }, - { - "name" : "FEDORA-2016-4ce97823af", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184414.html" - }, - { - "name" : "SUSE-SU-2016:1672", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html" - }, - { - "name" : "SUSE-SU-2016:1690", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html" - }, - { - "name" : "SUSE-SU-2016:1696", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html" - }, - { - "name" : "SUSE-SU-2016:1937", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html" - }, - { - "name" : "openSUSE-SU-2016:1641", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html" - }, - { - "name" : "SUSE-SU-2016:1985", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html" - }, - { - "name" : "SUSE-SU-2016:2105", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html" - }, - { - "name" : "openSUSE-SU-2016:2184", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html" - }, - { - "name" : "USN-3016-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3016-1" - }, - { - "name" : "USN-3016-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3016-2" - }, - { - "name" : "USN-3016-3", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3016-3" - }, - { - "name" : "USN-3016-4", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3016-4" - }, - { - "name" : "USN-3017-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3017-1" - }, - { - "name" : "USN-3017-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3017-2" - }, - { - "name" : "USN-3017-3", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3017-3" - }, - { - "name" : "USN-3018-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3018-1" - }, - { - "name" : "USN-3018-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3018-2" - }, - { - "name" : "USN-3019-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3019-1" - }, - { - "name" : "USN-3020-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3020-1" - }, - { - "name" : "USN-3021-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3021-1" - }, - { - "name" : "USN-3021-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3021-2" - }, - { - "name" : "90029", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/90029" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2016:1690", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html" + }, + { + "name": "90029", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/90029" + }, + { + "name": "SUSE-SU-2016:1696", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1332931", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1332931" + }, + { + "name": "USN-3017-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3017-1" + }, + { + "name": "SUSE-SU-2016:1985", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html" + }, + { + "name": "USN-3017-3", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3017-3" + }, + { + "name": "openSUSE-SU-2016:2184", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html" + }, + { + "name": "USN-3018-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3018-2" + }, + { + "name": "USN-3021-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3021-2" + }, + { + "name": "USN-3017-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3017-2" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=681fef8380eb818c0b845fca5d2ab1dcbab114ee", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=681fef8380eb818c0b845fca5d2ab1dcbab114ee" + }, + { + "name": "USN-3019-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3019-1" + }, + { + "name": "openSUSE-SU-2016:1641", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html" + }, + { + "name": "DSA-3607", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3607" + }, + { + "name": "USN-3016-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3016-2" + }, + { + "name": "USN-3016-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3016-1" + }, + { + "name": "SUSE-SU-2016:1672", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html" + }, + { + "name": "USN-3021-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3021-1" + }, + { + "name": "USN-3018-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3018-1" + }, + { + "name": "[oss-security] 20160503 CVE Request: information leak in devio of Linux kernel", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/05/04/2" + }, + { + "name": "https://github.com/torvalds/linux/commit/681fef8380eb818c0b845fca5d2ab1dcbab114ee", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/681fef8380eb818c0b845fca5d2ab1dcbab114ee" + }, + { + "name": "FEDORA-2016-4ce97823af", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184414.html" + }, + { + "name": "SUSE-SU-2016:2105", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html" + }, + { + "name": "USN-3016-3", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3016-3" + }, + { + "name": "USN-3016-4", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3016-4" + }, + { + "name": "USN-3020-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3020-1" + }, + { + "name": "SUSE-SU-2016:1937", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4563.json b/2016/4xxx/CVE-2016-4563.json index 2bde8128a81..b07efca6785 100644 --- a/2016/4xxx/CVE-2016-4563.json +++ b/2016/4xxx/CVE-2016-4563.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4563", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles the relationship between the BezierQuantum value and certain strokes data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-4563", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.imagemagick.org/script/changelog.php", - "refsource" : "CONFIRM", - "url" : "http://www.imagemagick.org/script/changelog.php" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/commit/726812fa2fa7ce16bcf58f6e115f65427a1c0950", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/commit/726812fa2fa7ce16bcf58f6e115f65427a1c0950" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles the relationship between the BezierQuantum value and certain strokes data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ImageMagick/ImageMagick/commit/726812fa2fa7ce16bcf58f6e115f65427a1c0950", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/commit/726812fa2fa7ce16bcf58f6e115f65427a1c0950" + }, + { + "name": "http://www.imagemagick.org/script/changelog.php", + "refsource": "CONFIRM", + "url": "http://www.imagemagick.org/script/changelog.php" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4954.json b/2016/4xxx/CVE-2016-4954.json index a94a8d52fa8..3e2dad93ac8 100644 --- a/2016/4xxx/CVE-2016-4954.json +++ b/2016/4xxx/CVE-2016-4954.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4954", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-4954", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.ntp.org/3044", - "refsource" : "CONFIRM", - "url" : "http://bugs.ntp.org/3044" - }, - { - "name" : "http://support.ntp.org/bin/view/Main/NtpBug3044", - "refsource" : "CONFIRM", - "url" : "http://support.ntp.org/bin/view/Main/NtpBug3044" - }, - { - "name" : "http://support.ntp.org/bin/view/Main/SecurityNotice", - "refsource" : "CONFIRM", - "url" : "http://support.ntp.org/bin/view/Main/SecurityNotice" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03757en_us", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03757en_us" - }, - { - "name" : "FreeBSD-SA-16:24", - "refsource" : "FREEBSD", - "url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc" - }, - { - "name" : "GLSA-201607-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201607-15" - }, - { - "name" : "SUSE-SU-2016:1563", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html" - }, - { - "name" : "SUSE-SU-2016:1584", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html" - }, - { - "name" : "SUSE-SU-2016:1602", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html" - }, - { - "name" : "openSUSE-SU-2016:1583", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html" - }, - { - "name" : "openSUSE-SU-2016:1636", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html" - }, - { - "name" : "VU#321640", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/321640" - }, - { - "name" : "1036037", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036037" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2016:1602", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html" + }, + { + "name": "openSUSE-SU-2016:1583", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html" + }, + { + "name": "FreeBSD-SA-16:24", + "refsource": "FREEBSD", + "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc" + }, + { + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03757en_us", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03757en_us" + }, + { + "name": "1036037", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036037" + }, + { + "name": "SUSE-SU-2016:1584", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "http://support.ntp.org/bin/view/Main/NtpBug3044", + "refsource": "CONFIRM", + "url": "http://support.ntp.org/bin/view/Main/NtpBug3044" + }, + { + "name": "VU#321640", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/321640" + }, + { + "name": "http://support.ntp.org/bin/view/Main/SecurityNotice", + "refsource": "CONFIRM", + "url": "http://support.ntp.org/bin/view/Main/SecurityNotice" + }, + { + "name": "openSUSE-SU-2016:1636", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html" + }, + { + "name": "http://bugs.ntp.org/3044", + "refsource": "CONFIRM", + "url": "http://bugs.ntp.org/3044" + }, + { + "name": "SUSE-SU-2016:1563", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html" + }, + { + "name": "GLSA-201607-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201607-15" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9127.json b/2016/9xxx/CVE-2016-9127.json index 3579f772711..c48a30412fe 100644 --- a/2016/9xxx/CVE-2016-9127.json +++ b/2016/9xxx/CVE-2016-9127.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "ID" : "CVE-2016-9127", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Revive Adserver All versions before 3.2.3", - "version" : { - "version_data" : [ - { - "version_value" : "Revive Adserver All versions before 3.2.3" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The password recovery form in Revive Adserver is vulnerable to CSRF attacks. This vulnerability could be exploited to send a large number of password recovery emails to the registered users, especially in conjunction with a bug that caused recovery emails to be sent to all the users at once. Both issues have been fixed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Request Forgery (CSRF) (CWE-352)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "ID": "CVE-2016-9127", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Revive Adserver All versions before 3.2.3", + "version": { + "version_data": [ + { + "version_value": "Revive Adserver All versions before 3.2.3" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/revive-adserver/revive-adserver/commit/3aaebcc765797d2c684e031f2836e0a69d6b7bc2", - "refsource" : "MISC", - "url" : "https://github.com/revive-adserver/revive-adserver/commit/3aaebcc765797d2c684e031f2836e0a69d6b7bc2" - }, - { - "name" : "https://hackerone.com/reports/99452", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/99452" - }, - { - "name" : "https://www.revive-adserver.com/security/revive-sa-2016-001/", - "refsource" : "MISC", - "url" : "https://www.revive-adserver.com/security/revive-sa-2016-001/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The password recovery form in Revive Adserver is vulnerable to CSRF attacks. This vulnerability could be exploited to send a large number of password recovery emails to the registered users, especially in conjunction with a bug that caused recovery emails to be sent to all the users at once. Both issues have been fixed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Request Forgery (CSRF) (CWE-352)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/revive-adserver/revive-adserver/commit/3aaebcc765797d2c684e031f2836e0a69d6b7bc2", + "refsource": "MISC", + "url": "https://github.com/revive-adserver/revive-adserver/commit/3aaebcc765797d2c684e031f2836e0a69d6b7bc2" + }, + { + "name": "https://hackerone.com/reports/99452", + "refsource": "MISC", + "url": "https://hackerone.com/reports/99452" + }, + { + "name": "https://www.revive-adserver.com/security/revive-sa-2016-001/", + "refsource": "MISC", + "url": "https://www.revive-adserver.com/security/revive-sa-2016-001/" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2467.json b/2019/2xxx/CVE-2019-2467.json index d5a87768309..17f31a4f57c 100644 --- a/2019/2xxx/CVE-2019-2467.json +++ b/2019/2xxx/CVE-2019-2467.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2019-2467", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Outside In Technology", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.5.3" - }, - { - "version_affected" : "=", - "version_value" : "8.5.4" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2019-2467", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Outside In Technology", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.5.3" + }, + { + "version_affected": "=", + "version_value": "8.5.4" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "106569", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106569" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + }, + { + "name": "106569", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106569" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2609.json b/2019/2xxx/CVE-2019-2609.json index c010c9087d6..0a6a1f0111a 100644 --- a/2019/2xxx/CVE-2019-2609.json +++ b/2019/2xxx/CVE-2019-2609.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2609", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2609", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2713.json b/2019/2xxx/CVE-2019-2713.json index bdf5e906220..575cb2df908 100644 --- a/2019/2xxx/CVE-2019-2713.json +++ b/2019/2xxx/CVE-2019-2713.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2713", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2713", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3037.json b/2019/3xxx/CVE-2019-3037.json index fa7f4de0cc1..b91f646d614 100644 --- a/2019/3xxx/CVE-2019-3037.json +++ b/2019/3xxx/CVE-2019-3037.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3037", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3037", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3092.json b/2019/3xxx/CVE-2019-3092.json index 15f77372738..4e10b4d0e15 100644 --- a/2019/3xxx/CVE-2019-3092.json +++ b/2019/3xxx/CVE-2019-3092.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3092", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3092", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3402.json b/2019/3xxx/CVE-2019-3402.json index 77297a1a800..b3f39a5dc80 100644 --- a/2019/3xxx/CVE-2019-3402.json +++ b/2019/3xxx/CVE-2019-3402.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3402", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3402", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3849.json b/2019/3xxx/CVE-2019-3849.json index acfeb862409..657fe0a8fef 100644 --- a/2019/3xxx/CVE-2019-3849.json +++ b/2019/3xxx/CVE-2019-3849.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3849", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3849", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3962.json b/2019/3xxx/CVE-2019-3962.json index 451c8207567..d74193a65bd 100644 --- a/2019/3xxx/CVE-2019-3962.json +++ b/2019/3xxx/CVE-2019-3962.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3962", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3962", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6069.json b/2019/6xxx/CVE-2019-6069.json index 183168efb83..e7a47023621 100644 --- a/2019/6xxx/CVE-2019-6069.json +++ b/2019/6xxx/CVE-2019-6069.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6069", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6069", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6515.json b/2019/6xxx/CVE-2019-6515.json index 1e1b24aac0e..e4d28a2dc91 100644 --- a/2019/6xxx/CVE-2019-6515.json +++ b/2019/6xxx/CVE-2019-6515.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6515", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6515", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6628.json b/2019/6xxx/CVE-2019-6628.json index e5592a0c9df..08cd0de9407 100644 --- a/2019/6xxx/CVE-2019-6628.json +++ b/2019/6xxx/CVE-2019-6628.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6628", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6628", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6748.json b/2019/6xxx/CVE-2019-6748.json index 765b862af60..f32203d18ae 100644 --- a/2019/6xxx/CVE-2019-6748.json +++ b/2019/6xxx/CVE-2019-6748.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6748", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6748", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7297.json b/2019/7xxx/CVE-2019-7297.json index a381c1a6cbf..b496ae4f17b 100644 --- a/2019/7xxx/CVE-2019-7297.json +++ b/2019/7xxx/CVE-2019-7297.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7297", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via shell metacharacters in a crafted /HNAP1 request. This occurs when the GetNetworkTomographyResult function calls the system function with an untrusted input parameter named Address. Consequently, an attacker can execute any command remotely when they control this input." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7297", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/leonW7/D-Link/blob/master/Vul_1.md", - "refsource" : "MISC", - "url" : "https://github.com/leonW7/D-Link/blob/master/Vul_1.md" - }, - { - "name" : "106815", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106815" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via shell metacharacters in a crafted /HNAP1 request. This occurs when the GetNetworkTomographyResult function calls the system function with an untrusted input parameter named Address. Consequently, an attacker can execute any command remotely when they control this input." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/leonW7/D-Link/blob/master/Vul_1.md", + "refsource": "MISC", + "url": "https://github.com/leonW7/D-Link/blob/master/Vul_1.md" + }, + { + "name": "106815", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106815" + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7321.json b/2019/7xxx/CVE-2019-7321.json index 2f9e2ad183d..3b649010790 100644 --- a/2019/7xxx/CVE-2019-7321.json +++ b/2019/7xxx/CVE-2019-7321.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7321", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7321", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7329.json b/2019/7xxx/CVE-2019-7329.json index fc45a1c5870..16a4dd077e9 100644 --- a/2019/7xxx/CVE-2019-7329.json +++ b/2019/7xxx/CVE-2019-7329.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7329", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the form action on multiple views utilizes $_SERVER['PHP_SELF'] insecurely, mishandling any arbitrary input appended to the webroot URL, without any proper filtration, leading to XSS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7329", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ZoneMinder/zoneminder/issues/2446", - "refsource" : "MISC", - "url" : "https://github.com/ZoneMinder/zoneminder/issues/2446" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the form action on multiple views utilizes $_SERVER['PHP_SELF'] insecurely, mishandling any arbitrary input appended to the webroot URL, without any proper filtration, leading to XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ZoneMinder/zoneminder/issues/2446", + "refsource": "MISC", + "url": "https://github.com/ZoneMinder/zoneminder/issues/2446" + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7801.json b/2019/7xxx/CVE-2019-7801.json index 398e5404bce..42e118fa4dd 100644 --- a/2019/7xxx/CVE-2019-7801.json +++ b/2019/7xxx/CVE-2019-7801.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7801", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7801", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7953.json b/2019/7xxx/CVE-2019-7953.json index e305de2fe73..5417f44e2d1 100644 --- a/2019/7xxx/CVE-2019-7953.json +++ b/2019/7xxx/CVE-2019-7953.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7953", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7953", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8326.json b/2019/8xxx/CVE-2019-8326.json index 27391653491..7a581176d94 100644 --- a/2019/8xxx/CVE-2019-8326.json +++ b/2019/8xxx/CVE-2019-8326.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8326", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8326", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8375.json b/2019/8xxx/CVE-2019-8375.json index dd1844dc1b9..f42878fd6e7 100644 --- a/2019/8xxx/CVE-2019-8375.json +++ b/2019/8xxx/CVE-2019-8375.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8375", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote attackers to cause a denial of service (Buffer Overflow) or possibly have unspecified other impact, related to UIProcess/API/gtk/WebKitScriptDialogGtk.cpp, UIProcess/API/gtk/WebKitScriptDialogImpl.cpp, and UIProcess/API/gtk/WebKitWebViewGtk.cpp, as demonstrated by GNOME Web (aka Epiphany)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8375", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "46465", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/46465/" - }, - { - "name" : "https://bugs.webkit.org/show_bug.cgi?id=184875", - "refsource" : "MISC", - "url" : "https://bugs.webkit.org/show_bug.cgi?id=184875" - }, - { - "name" : "https://github.com/WebKit/webkit/commit/6f9b511a115311b13c06eb58038ddc2c78da5531", - "refsource" : "MISC", - "url" : "https://github.com/WebKit/webkit/commit/6f9b511a115311b13c06eb58038ddc2c78da5531" - }, - { - "name" : "https://trac.webkit.org/changeset/241515/webkit", - "refsource" : "MISC", - "url" : "https://trac.webkit.org/changeset/241515/webkit" - }, - { - "name" : "https://www.inputzero.io/2019/02/fuzzing-webkit.html", - "refsource" : "MISC", - "url" : "https://www.inputzero.io/2019/02/fuzzing-webkit.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote attackers to cause a denial of service (Buffer Overflow) or possibly have unspecified other impact, related to UIProcess/API/gtk/WebKitScriptDialogGtk.cpp, UIProcess/API/gtk/WebKitScriptDialogImpl.cpp, and UIProcess/API/gtk/WebKitWebViewGtk.cpp, as demonstrated by GNOME Web (aka Epiphany)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://trac.webkit.org/changeset/241515/webkit", + "refsource": "MISC", + "url": "https://trac.webkit.org/changeset/241515/webkit" + }, + { + "name": "46465", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/46465/" + }, + { + "name": "https://github.com/WebKit/webkit/commit/6f9b511a115311b13c06eb58038ddc2c78da5531", + "refsource": "MISC", + "url": "https://github.com/WebKit/webkit/commit/6f9b511a115311b13c06eb58038ddc2c78da5531" + }, + { + "name": "https://www.inputzero.io/2019/02/fuzzing-webkit.html", + "refsource": "MISC", + "url": "https://www.inputzero.io/2019/02/fuzzing-webkit.html" + }, + { + "name": "https://bugs.webkit.org/show_bug.cgi?id=184875", + "refsource": "MISC", + "url": "https://bugs.webkit.org/show_bug.cgi?id=184875" + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8382.json b/2019/8xxx/CVE-2019-8382.json index 56f38a65577..bf4aca4c11c 100644 --- a/2019/8xxx/CVE-2019-8382.json +++ b/2019/8xxx/CVE-2019-8382.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8382", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Bento4 1.5.1-628. A NULL pointer dereference occurs in the function AP4_List:Find located in Core/Ap4List.h when called from Core/Ap4Movie.cpp. It can be triggered by sending a crafted file to the mp4dump binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8382", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/axiomatic-systems/Bento4/issues/364", - "refsource" : "MISC", - "url" : "https://github.com/axiomatic-systems/Bento4/issues/364" - }, - { - "name" : "https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-function-ap4_listfind-bento4-1-5-1-628/", - "refsource" : "MISC", - "url" : "https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-function-ap4_listfind-bento4-1-5-1-628/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Bento4 1.5.1-628. A NULL pointer dereference occurs in the function AP4_List:Find located in Core/Ap4List.h when called from Core/Ap4Movie.cpp. It can be triggered by sending a crafted file to the mp4dump binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/axiomatic-systems/Bento4/issues/364", + "refsource": "MISC", + "url": "https://github.com/axiomatic-systems/Bento4/issues/364" + }, + { + "name": "https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-function-ap4_listfind-bento4-1-5-1-628/", + "refsource": "MISC", + "url": "https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-function-ap4_listfind-bento4-1-5-1-628/" + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8980.json b/2019/8xxx/CVE-2019-8980.json index e3cc09f6137..c98eb080645 100644 --- a/2019/8xxx/CVE-2019-8980.json +++ b/2019/8xxx/CVE-2019-8980.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8980", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8980", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1935698.html", - "refsource" : "MISC", - "url" : "https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1935698.html" - }, - { - "name" : "https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1935705.html", - "refsource" : "MISC", - "url" : "https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1935705.html" - }, - { - "name" : "107120", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/107120" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1935705.html", + "refsource": "MISC", + "url": "https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1935705.html" + }, + { + "name": "107120", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/107120" + }, + { + "name": "https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1935698.html", + "refsource": "MISC", + "url": "https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1935698.html" + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9027.json b/2019/9xxx/CVE-2019-9027.json index a66544710e4..69e9fe1615f 100644 --- a/2019/9xxx/CVE-2019-9027.json +++ b/2019/9xxx/CVE-2019-9027.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9027", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a heap-based buffer overflow problem in the function ReadNextCell() in mat5.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9027", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/TeamSeri0us/pocs/tree/master/matio", - "refsource" : "MISC", - "url" : "https://github.com/TeamSeri0us/pocs/tree/master/matio" - }, - { - "name" : "https://github.com/tbeu/matio/issues/103", - "refsource" : "MISC", - "url" : "https://github.com/tbeu/matio/issues/103" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a heap-based buffer overflow problem in the function ReadNextCell() in mat5.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/tbeu/matio/issues/103", + "refsource": "MISC", + "url": "https://github.com/tbeu/matio/issues/103" + }, + { + "name": "https://github.com/TeamSeri0us/pocs/tree/master/matio", + "refsource": "MISC", + "url": "https://github.com/TeamSeri0us/pocs/tree/master/matio" + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9312.json b/2019/9xxx/CVE-2019-9312.json index c76f55b2990..45410735178 100644 --- a/2019/9xxx/CVE-2019-9312.json +++ b/2019/9xxx/CVE-2019-9312.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9312", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9312", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9347.json b/2019/9xxx/CVE-2019-9347.json index 11e7107187a..549e29aa74d 100644 --- a/2019/9xxx/CVE-2019-9347.json +++ b/2019/9xxx/CVE-2019-9347.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9347", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9347", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9530.json b/2019/9xxx/CVE-2019-9530.json index 811c5d1ea81..220db9a391b 100644 --- a/2019/9xxx/CVE-2019-9530.json +++ b/2019/9xxx/CVE-2019-9530.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9530", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9530", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file