From 9839881371cad00154b3fac42e3ef83b55aa82e6 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 21:41:01 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2007/3xxx/CVE-2007-3136.json | 150 ++++++------ 2007/3xxx/CVE-2007-3282.json | 150 ++++++------ 2007/3xxx/CVE-2007-3346.json | 150 ++++++------ 2007/3xxx/CVE-2007-3889.json | 190 +++++++-------- 2007/4xxx/CVE-2007-4277.json | 180 +++++++------- 2007/4xxx/CVE-2007-4692.json | 210 ++++++++-------- 2007/6xxx/CVE-2007-6113.json | 430 ++++++++++++++++----------------- 2007/6xxx/CVE-2007-6127.json | 160 ++++++------ 2007/6xxx/CVE-2007-6434.json | 160 ++++++------ 2007/6xxx/CVE-2007-6505.json | 160 ++++++------ 2007/6xxx/CVE-2007-6649.json | 150 ++++++------ 2010/1xxx/CVE-2010-1201.json | 300 +++++++++++------------ 2010/1xxx/CVE-2010-1233.json | 170 ++++++------- 2010/1xxx/CVE-2010-1270.json | 180 +++++++------- 2010/1xxx/CVE-2010-1824.json | 220 ++++++++--------- 2010/1xxx/CVE-2010-1901.json | 140 +++++------ 2014/0xxx/CVE-2014-0173.json | 150 ++++++------ 2014/0xxx/CVE-2014-0456.json | 280 ++++++++++----------- 2014/0xxx/CVE-2014-0819.json | 130 +++++----- 2014/0xxx/CVE-2014-0841.json | 130 +++++----- 2014/0xxx/CVE-2014-0896.json | 140 +++++------ 2014/0xxx/CVE-2014-0980.json | 200 +++++++-------- 2014/1xxx/CVE-2014-1606.json | 34 +-- 2014/1xxx/CVE-2014-1812.json | 130 +++++----- 2014/5xxx/CVE-2014-5741.json | 140 +++++------ 2015/2xxx/CVE-2015-2154.json | 270 ++++++++++----------- 2016/10xxx/CVE-2016-10210.json | 140 +++++------ 2016/3xxx/CVE-2016-3741.json | 140 +++++------ 2016/4xxx/CVE-2016-4032.json | 130 +++++----- 2016/4xxx/CVE-2016-4518.json | 130 +++++----- 2016/4xxx/CVE-2016-4755.json | 150 ++++++------ 2016/8xxx/CVE-2016-8331.json | 140 +++++------ 2016/8xxx/CVE-2016-8397.json | 140 +++++------ 2016/8xxx/CVE-2016-8687.json | 200 +++++++-------- 2016/8xxx/CVE-2016-8746.json | 130 +++++----- 2016/8xxx/CVE-2016-8981.json | 130 +++++----- 2016/9xxx/CVE-2016-9476.json | 34 +-- 2016/9xxx/CVE-2016-9599.json | 156 ++++++------ 2016/9xxx/CVE-2016-9934.json | 210 ++++++++-------- 2019/2xxx/CVE-2019-2153.json | 34 +-- 2019/2xxx/CVE-2019-2419.json | 132 +++++----- 2019/2xxx/CVE-2019-2513.json | 142 +++++------ 2019/3xxx/CVE-2019-3658.json | 34 +-- 2019/3xxx/CVE-2019-3756.json | 34 +-- 2019/6xxx/CVE-2019-6073.json | 34 +-- 2019/6xxx/CVE-2019-6180.json | 34 +-- 2019/6xxx/CVE-2019-6601.json | 122 +++++----- 2019/6xxx/CVE-2019-6605.json | 34 +-- 2019/6xxx/CVE-2019-6884.json | 34 +-- 2019/7xxx/CVE-2019-7100.json | 34 +-- 2019/7xxx/CVE-2019-7189.json | 34 +-- 2019/7xxx/CVE-2019-7226.json | 34 +-- 2019/7xxx/CVE-2019-7258.json | 34 +-- 2019/7xxx/CVE-2019-7830.json | 34 +-- 54 files changed, 3669 insertions(+), 3669 deletions(-) diff --git a/2007/3xxx/CVE-2007-3136.json b/2007/3xxx/CVE-2007-3136.json index 6cf6112eaf6..a07f3e6fee5 100644 --- a/2007/3xxx/CVE-2007-3136.json +++ b/2007/3xxx/CVE-2007-3136.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3136", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in inc/nuke_include.php in newsSync 1.5.0rc6 allows remote attackers to execute arbitrary PHP code via a URL in the newsSync_NUKE_PATH parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3136", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4041", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4041" - }, - { - "name" : "24361", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24361" - }, - { - "name" : "37456", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37456" - }, - { - "name" : "newssync-nukeinclude-file-include(34761)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34761" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in inc/nuke_include.php in newsSync 1.5.0rc6 allows remote attackers to execute arbitrary PHP code via a URL in the newsSync_NUKE_PATH parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37456", + "refsource": "OSVDB", + "url": "http://osvdb.org/37456" + }, + { + "name": "24361", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24361" + }, + { + "name": "4041", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4041" + }, + { + "name": "newssync-nukeinclude-file-include(34761)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34761" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3282.json b/2007/3xxx/CVE-2007-3282.json index 542b1d1cd0b..8b8be06d6b0 100644 --- a/2007/3xxx/CVE-2007-3282.json +++ b/2007/3xxx/CVE-2007-3282.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3282", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the Microsoft Office MSODataSourceControl ActiveX object allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to the DeleteRecordSourceIfUnused method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3282", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4067", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4067" - }, - { - "name" : "38471", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38471" - }, - { - "name" : "1018251", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018251" - }, - { - "name" : "office-msodatasourcecontrol-bo(34849)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34849" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the Microsoft Office MSODataSourceControl ActiveX object allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to the DeleteRecordSourceIfUnused method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38471", + "refsource": "OSVDB", + "url": "http://osvdb.org/38471" + }, + { + "name": "office-msodatasourcecontrol-bo(34849)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34849" + }, + { + "name": "4067", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4067" + }, + { + "name": "1018251", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018251" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3346.json b/2007/3xxx/CVE-2007-3346.json index d34fb234a91..a322f0ca092 100644 --- a/2007/3xxx/CVE-2007-3346.json +++ b/2007/3xxx/CVE-2007-3346.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3346", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in PHPAccounts 0.5 allows remote attackers to include arbitrary local files via unspecified manipulations of the page parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3346", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html" - }, - { - "name" : "24572", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24572" - }, - { - "name" : "37683", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37683" - }, - { - "name" : "phpaccounts-index-file-include(35027)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35027" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in index.php in PHPAccounts 0.5 allows remote attackers to include arbitrary local files via unspecified manipulations of the page parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html", + "refsource": "MISC", + "url": "http://pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html" + }, + { + "name": "24572", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24572" + }, + { + "name": "phpaccounts-index-file-include(35027)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35027" + }, + { + "name": "37683", + "refsource": "OSVDB", + "url": "http://osvdb.org/37683" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3889.json b/2007/3xxx/CVE-2007-3889.json index 78ea256039c..a18595bc34e 100644 --- a/2007/3xxx/CVE-2007-3889.json +++ b/2007/3xxx/CVE-2007-3889.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3889", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Insanely Simple Blog 0.5 and earlier allow remote attackers to execute arbitrary SQL commands via the current_subsection parameter to index.php and other unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3889", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070717 Insanely simple blog - Multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/473868/100/0/threaded" - }, - { - "name" : "20080610 [web-app] Insanely Simple Blog 0.5 (index) Remote SQL Injection Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/493224/100/0/threaded" - }, - { - "name" : "5774", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5774" - }, - { - "name" : "http://chroot.org/exploits/chroot_uu_010", - "refsource" : "MISC", - "url" : "http://chroot.org/exploits/chroot_uu_010" - }, - { - "name" : "24934", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24934" - }, - { - "name" : "26105", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26105" - }, - { - "name" : "2904", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2904" - }, - { - "name" : "isb-currentsubsection-sql-injection(35450)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35450" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Insanely Simple Blog 0.5 and earlier allow remote attackers to execute arbitrary SQL commands via the current_subsection parameter to index.php and other unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080610 [web-app] Insanely Simple Blog 0.5 (index) Remote SQL Injection Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/493224/100/0/threaded" + }, + { + "name": "5774", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5774" + }, + { + "name": "http://chroot.org/exploits/chroot_uu_010", + "refsource": "MISC", + "url": "http://chroot.org/exploits/chroot_uu_010" + }, + { + "name": "26105", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26105" + }, + { + "name": "24934", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24934" + }, + { + "name": "isb-currentsubsection-sql-injection(35450)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35450" + }, + { + "name": "2904", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2904" + }, + { + "name": "20070717 Insanely simple blog - Multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/473868/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4277.json b/2007/4xxx/CVE-2007-4277.json index bf11ebac635..934cdee5edc 100644 --- a/2007/4xxx/CVE-2007-4277.json +++ b/2007/4xxx/CVE-2007-4277.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4277", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Trend Micro AntiVirus scan engine before 8.550-1001, as used in Trend Micro PC-Cillin Internet Security 2007, and Tmxpflt.sys 8.320.1004 and 8.500.0.1002, has weak permissions (Everyone:Write) for the \\\\.\\Tmfilter device, which allows local users to send arbitrary content to the device via the IOCTL functionality. NOTE: this can be leveraged for privilege escalation by exploiting a buffer overflow in the handler for IOCTL 0xa0284403." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4277", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071025 Trend Micro Tmxpflt.sys IOCTL 0xa0284403 Buffer Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=609" - }, - { - "name" : "http://esupport.trendmicro.com/support/viewxml.do?ContentID=1035793", - "refsource" : "CONFIRM", - "url" : "http://esupport.trendmicro.com/support/viewxml.do?ContentID=1035793" - }, - { - "name" : "http://esupport.trendmicro.com/support/viewxml.do?ContentID=1036190", - "refsource" : "CONFIRM", - "url" : "http://esupport.trendmicro.com/support/viewxml.do?ContentID=1036190" - }, - { - "name" : "26209", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26209" - }, - { - "name" : "ADV-2007-3627", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3627" - }, - { - "name" : "1018863", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1018863" - }, - { - "name" : "27378", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27378" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Trend Micro AntiVirus scan engine before 8.550-1001, as used in Trend Micro PC-Cillin Internet Security 2007, and Tmxpflt.sys 8.320.1004 and 8.500.0.1002, has weak permissions (Everyone:Write) for the \\\\.\\Tmfilter device, which allows local users to send arbitrary content to the device via the IOCTL functionality. NOTE: this can be leveraged for privilege escalation by exploiting a buffer overflow in the handler for IOCTL 0xa0284403." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27378", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27378" + }, + { + "name": "26209", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26209" + }, + { + "name": "http://esupport.trendmicro.com/support/viewxml.do?ContentID=1035793", + "refsource": "CONFIRM", + "url": "http://esupport.trendmicro.com/support/viewxml.do?ContentID=1035793" + }, + { + "name": "http://esupport.trendmicro.com/support/viewxml.do?ContentID=1036190", + "refsource": "CONFIRM", + "url": "http://esupport.trendmicro.com/support/viewxml.do?ContentID=1036190" + }, + { + "name": "1018863", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1018863" + }, + { + "name": "20071025 Trend Micro Tmxpflt.sys IOCTL 0xa0284403 Buffer Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=609" + }, + { + "name": "ADV-2007-3627", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3627" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4692.json b/2007/4xxx/CVE-2007-4692.json index 7583ffb3bfb..d8deda75176 100644 --- a/2007/4xxx/CVE-2007-4692.json +++ b/2007/4xxx/CVE-2007-4692.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4692", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The tabbed browsing feature in Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to spoof HTTP authentication for other sites and possibly conduct phishing attacks by causing an authentication sheet to be displayed for a tab that is not active, which makes it appear as if it is associated with the active tab." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4692", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.info.apple.com/article.html?artnum=307041", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=307041" - }, - { - "name" : "APPLE-SA-2007-11-14", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html" - }, - { - "name" : "APPLE-SA-2007-11-14", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2007/Nov/msg00003.html" - }, - { - "name" : "TA07-319A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-319A.html" - }, - { - "name" : "26444", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26444" - }, - { - "name" : "26447", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26447" - }, - { - "name" : "ADV-2007-3868", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3868" - }, - { - "name" : "40662", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/40662" - }, - { - "name" : "27643", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27643" - }, - { - "name" : "safari-tabbed-information-disclosure(38460)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38460" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The tabbed browsing feature in Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to spoof HTTP authentication for other sites and possibly conduct phishing attacks by causing an authentication sheet to be displayed for a tab that is not active, which makes it appear as if it is associated with the active tab." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26444", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26444" + }, + { + "name": "APPLE-SA-2007-11-14", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2007/Nov/msg00003.html" + }, + { + "name": "APPLE-SA-2007-11-14", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html" + }, + { + "name": "safari-tabbed-information-disclosure(38460)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38460" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=307041", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=307041" + }, + { + "name": "ADV-2007-3868", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3868" + }, + { + "name": "27643", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27643" + }, + { + "name": "40662", + "refsource": "OSVDB", + "url": "http://osvdb.org/40662" + }, + { + "name": "26447", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26447" + }, + { + "name": "TA07-319A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-319A.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6113.json b/2007/6xxx/CVE-2007-6113.json index 398b6cb2a3a..fdbb13161ce 100644 --- a/2007/6xxx/CVE-2007-6113.json +++ b/2007/6xxx/CVE-2007-6113.json @@ -1,217 +1,217 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6113", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer signedness error in the DNP3 dissector in Wireshark (formerly Ethereal) 0.10.12 to 0.99.6 allows remote attackers to cause a denial of service (long loop) via a malformed DNP3 packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2007-6113", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070904 Wireshark DNP3 Dissector Infinite Loop Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/478497/100/0/threaded" - }, - { - "name" : "20080103 rPSA-2008-0004-1 tshark wireshark", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485792/100/0/threaded" - }, - { - "name" : "4347", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4347" - }, - { - "name" : "http://www.securiteam.com/securitynews/5LP0V00MAI.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/securitynews/5LP0V00MAI.html" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=199958", - "refsource" : "MISC", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=199958" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2007-03.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2007-03.html" - }, - { - "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0004", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0004" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-1975", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-1975" - }, - { - "name" : "FEDORA-2007-4590", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00606.html" - }, - { - "name" : "FEDORA-2007-4690", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00712.html" - }, - { - "name" : "GLSA-200712-23", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200712-23.xml" - }, - { - "name" : "MDVSA-2008:001", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:001" - }, - { - "name" : "MDVSA-2008:1", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:1" - }, - { - "name" : "RHSA-2008:0058", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0058.html" - }, - { - "name" : "RHSA-2008:0059", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0059.html" - }, - { - "name" : "SUSE-SR:2008:004", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html" - }, - { - "name" : "26532", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26532" - }, - { - "name" : "oval:org.mitre.oval:def:9841", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9841" - }, - { - "name" : "ADV-2007-3956", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3956" - }, - { - "name" : "1018988", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1018988" - }, - { - "name" : "1018635", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018635" - }, - { - "name" : "27777", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27777" - }, - { - "name" : "28197", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28197" - }, - { - "name" : "28288", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28288" - }, - { - "name" : "28304", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28304" - }, - { - "name" : "28207", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28207" - }, - { - "name" : "28325", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28325" - }, - { - "name" : "28564", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28564" - }, - { - "name" : "28583", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28583" - }, - { - "name" : "29048", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29048" - }, - { - "name" : "3095", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3095" - }, - { - "name" : "wireshark-dnp3-dos(36392)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36392" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer signedness error in the DNP3 dissector in Wireshark (formerly Ethereal) 0.10.12 to 0.99.6 allows remote attackers to cause a denial of service (long loop) via a malformed DNP3 packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27777", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27777" + }, + { + "name": "https://issues.rpath.com/browse/RPL-1975", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-1975" + }, + { + "name": "29048", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29048" + }, + { + "name": "1018635", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018635" + }, + { + "name": "26532", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26532" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2007-03.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2007-03.html" + }, + { + "name": "28564", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28564" + }, + { + "name": "20080103 rPSA-2008-0004-1 tshark wireshark", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485792/100/0/threaded" + }, + { + "name": "GLSA-200712-23", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200712-23.xml" + }, + { + "name": "20070904 Wireshark DNP3 Dissector Infinite Loop Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/478497/100/0/threaded" + }, + { + "name": "RHSA-2008:0059", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0059.html" + }, + { + "name": "28304", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28304" + }, + { + "name": "1018988", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1018988" + }, + { + "name": "oval:org.mitre.oval:def:9841", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9841" + }, + { + "name": "FEDORA-2007-4690", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00712.html" + }, + { + "name": "28325", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28325" + }, + { + "name": "MDVSA-2008:1", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:1" + }, + { + "name": "4347", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4347" + }, + { + "name": "MDVSA-2008:001", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:001" + }, + { + "name": "http://www.securiteam.com/securitynews/5LP0V00MAI.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/securitynews/5LP0V00MAI.html" + }, + { + "name": "3095", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3095" + }, + { + "name": "RHSA-2008:0058", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0058.html" + }, + { + "name": "SUSE-SR:2008:004", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=199958", + "refsource": "MISC", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=199958" + }, + { + "name": "28583", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28583" + }, + { + "name": "ADV-2007-3956", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3956" + }, + { + "name": "28197", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28197" + }, + { + "name": "28288", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28288" + }, + { + "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0004", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0004" + }, + { + "name": "28207", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28207" + }, + { + "name": "FEDORA-2007-4590", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00606.html" + }, + { + "name": "wireshark-dnp3-dos(36392)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36392" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6127.json b/2007/6xxx/CVE-2007-6127.json index 92d5dc9424d..6d3f2c4b32b 100644 --- a/2007/6xxx/CVE-2007-6127.json +++ b/2007/6xxx/CVE-2007-6127.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6127", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in project alumni 1.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the year parameter to (1) view.page.inc.php, which is reachable through a view action to index.php; or (2) the year parameter to news.page.inc.php, which is reachable through a news action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6127", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4655", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4655" - }, - { - "name" : "26564", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26564" - }, - { - "name" : "ADV-2007-3999", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3999" - }, - { - "name" : "27820", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27820" - }, - { - "name" : "projectalumni-index-sql-injection(38620)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38620" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in project alumni 1.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the year parameter to (1) view.page.inc.php, which is reachable through a view action to index.php; or (2) the year parameter to news.page.inc.php, which is reachable through a news action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4655", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4655" + }, + { + "name": "26564", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26564" + }, + { + "name": "projectalumni-index-sql-injection(38620)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38620" + }, + { + "name": "ADV-2007-3999", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3999" + }, + { + "name": "27820", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27820" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6434.json b/2007/6xxx/CVE-2007-6434.json index 89f0c2baa00..201d5d08178 100644 --- a/2007/6xxx/CVE-2007-6434.json +++ b/2007/6xxx/CVE-2007-6434.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6434", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Linux kernel 2.6.23 allows local users to create low pages in virtual userspace memory and bypass mmap_min_addr protection via a crafted executable file that calls the do_brk function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6434", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.24-rc5", - "refsource" : "CONFIRM", - "url" : "http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.24-rc5" - }, - { - "name" : "26831", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26831" - }, - { - "name" : "ADV-2007-4200", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/4200" - }, - { - "name" : "40907", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/40907" - }, - { - "name" : "28070", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28070" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Linux kernel 2.6.23 allows local users to create low pages in virtual userspace memory and bypass mmap_min_addr protection via a crafted executable file that calls the do_brk function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-4200", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/4200" + }, + { + "name": "40907", + "refsource": "OSVDB", + "url": "http://osvdb.org/40907" + }, + { + "name": "26831", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26831" + }, + { + "name": "28070", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28070" + }, + { + "name": "http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.24-rc5", + "refsource": "CONFIRM", + "url": "http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.24-rc5" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6505.json b/2007/6xxx/CVE-2007-6505.json index 7d16c012baf..d9a0bfaa4b0 100644 --- a/2007/6xxx/CVE-2007-6505.json +++ b/2007/6xxx/CVE-2007-6505.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6505", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Solaris 9, with Solaris Auditing enabled and certain patches for sshd installed, can generate audit records with an audit-ID of 0 even when the user logging into ssh is not root, which makes it easier for attackers to avoid detection and can make it more difficult to conduct forensics activities." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6505", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "103172", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103172-1" - }, - { - "name" : "201310", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201310-1" - }, - { - "name" : "44332", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/44332" - }, - { - "name" : "oval:org.mitre.oval:def:5282", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5282" - }, - { - "name" : "solaris-sshaudit-weak-security(39185)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39185" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Solaris 9, with Solaris Auditing enabled and certain patches for sshd installed, can generate audit records with an audit-ID of 0 even when the user logging into ssh is not root, which makes it easier for attackers to avoid detection and can make it more difficult to conduct forensics activities." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "201310", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201310-1" + }, + { + "name": "solaris-sshaudit-weak-security(39185)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39185" + }, + { + "name": "44332", + "refsource": "OSVDB", + "url": "http://osvdb.org/44332" + }, + { + "name": "oval:org.mitre.oval:def:5282", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5282" + }, + { + "name": "103172", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103172-1" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6649.json b/2007/6xxx/CVE-2007-6649.json index 013a2a83c0d..c456715bf88 100644 --- a/2007/6xxx/CVE-2007-6649.json +++ b/2007/6xxx/CVE-2007-6649.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6649", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in includes/tumbnail.php in MatPo Bilder Galerie 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6649", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4815", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4815" - }, - { - "name" : "27073", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27073" - }, - { - "name" : "39916", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39916" - }, - { - "name" : "bildergalerie-tumbnail-file-include(39314)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39314" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in includes/tumbnail.php in MatPo Bilder Galerie 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4815", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4815" + }, + { + "name": "39916", + "refsource": "OSVDB", + "url": "http://osvdb.org/39916" + }, + { + "name": "27073", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27073" + }, + { + "name": "bildergalerie-tumbnail-file-include(39314)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39314" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1201.json b/2010/1xxx/CVE-2010-1201.json index 73ead730191..4194fff5f75 100644 --- a/2010/1xxx/CVE-2010-1201.json +++ b/2010/1xxx/CVE-2010-1201.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1201", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.10, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1201", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-26.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-26.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=524921", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=524921" - }, - { - "name" : "FEDORA-2010-10344", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html" - }, - { - "name" : "FEDORA-2010-10361", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043405.html" - }, - { - "name" : "SUSE-SA:2010:030", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.html" - }, - { - "name" : "USN-930-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-930-1" - }, - { - "name" : "USN-930-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-930-2" - }, - { - "name" : "41050", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41050" - }, - { - "name" : "oval:org.mitre.oval:def:12671", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12671" - }, - { - "name" : "1024138", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024138" - }, - { - "name" : "1024139", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024139" - }, - { - "name" : "40323", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40323" - }, - { - "name" : "40326", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40326" - }, - { - "name" : "40401", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40401" - }, - { - "name" : "40481", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40481" - }, - { - "name" : "ADV-2010-1551", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1551" - }, - { - "name" : "ADV-2010-1640", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1640" - }, - { - "name" : "ADV-2010-1773", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1773" - }, - { - "name" : "ADV-2010-1592", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1592" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.10, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40481", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40481" + }, + { + "name": "USN-930-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-930-1" + }, + { + "name": "FEDORA-2010-10361", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043405.html" + }, + { + "name": "1024138", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024138" + }, + { + "name": "ADV-2010-1640", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1640" + }, + { + "name": "41050", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41050" + }, + { + "name": "ADV-2010-1773", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1773" + }, + { + "name": "ADV-2010-1592", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1592" + }, + { + "name": "USN-930-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-930-2" + }, + { + "name": "ADV-2010-1551", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1551" + }, + { + "name": "SUSE-SA:2010:030", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=524921", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=524921" + }, + { + "name": "40323", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40323" + }, + { + "name": "oval:org.mitre.oval:def:12671", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12671" + }, + { + "name": "40401", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40401" + }, + { + "name": "http://www.mozilla.org/security/announce/2010/mfsa2010-26.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-26.html" + }, + { + "name": "FEDORA-2010-10344", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html" + }, + { + "name": "40326", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40326" + }, + { + "name": "1024139", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024139" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1233.json b/2010/1xxx/CVE-2010-1233.json index 7fc0f1dfd9c..768380d0f80 100644 --- a/2010/1xxx/CVE-2010-1233.json +++ b/2010/1xxx/CVE-2010-1233.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1233", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in Google Chrome before 4.1.249.1036 allow remote attackers to have an unspecified impact via vectors involving WebKit JavaScript objects." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1233", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=35724", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=35724" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2010/03/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2010/03/stable-channel-update.html" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "oval:org.mitre.oval:def:14023", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14023" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in Google Chrome before 4.1.249.1036 allow remote attackers to have an unspecified impact via vectors involving WebKit JavaScript objects." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:14023", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14023" + }, + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "http://googlechromereleases.blogspot.com/2010/03/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2010/03/stable-channel-update.html" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=35724", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=35724" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1270.json b/2010/1xxx/CVE-2010-1270.json index bce569a0121..ab213687e6d 100644 --- a/2010/1xxx/CVE-2010-1270.json +++ b/2010/1xxx/CVE-2010-1270.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1270", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in auktion.php in Multi Auktions Komplett System 2 allows remote attackers to execute arbitrary SQL commands via the id_auk parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1270", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://4004securityproject.wordpress.com/2010/03/16/phpscripte24-auktionshaus-community-standart-system/", - "refsource" : "MISC", - "url" : "http://4004securityproject.wordpress.com/2010/03/16/phpscripte24-auktionshaus-community-standart-system/" - }, - { - "name" : "http://packetstormsecurity.org/1003-exploits/multiauktions-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1003-exploits/multiauktions-sql.txt" - }, - { - "name" : "11776", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11776" - }, - { - "name" : "38793", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38793" - }, - { - "name" : "63048", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/63048" - }, - { - "name" : "38971", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38971" - }, - { - "name" : "auktionhaus-auktion-sql-injection(56935)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56935" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in auktion.php in Multi Auktions Komplett System 2 allows remote attackers to execute arbitrary SQL commands via the id_auk parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://4004securityproject.wordpress.com/2010/03/16/phpscripte24-auktionshaus-community-standart-system/", + "refsource": "MISC", + "url": "http://4004securityproject.wordpress.com/2010/03/16/phpscripte24-auktionshaus-community-standart-system/" + }, + { + "name": "http://packetstormsecurity.org/1003-exploits/multiauktions-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1003-exploits/multiauktions-sql.txt" + }, + { + "name": "11776", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11776" + }, + { + "name": "63048", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/63048" + }, + { + "name": "auktionhaus-auktion-sql-injection(56935)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56935" + }, + { + "name": "38971", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38971" + }, + { + "name": "38793", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38793" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1824.json b/2010/1xxx/CVE-2010-1824.json index 4c679ede73c..6d2871b22e0 100644 --- a/2010/1xxx/CVE-2010-1824.json +++ b/2010/1xxx/CVE-2010-1824.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1824", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in WebKit, as used in Apple iTunes before 10.2 on Windows, Apple Safari, and Google Chrome before 6.0.472.59, allows remote attackers to execute arbitrary code or cause a denial of service via vectors related to SVG styles, the DOM tree, and error messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-1824", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-095", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-095" - }, - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=50712", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=50712" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html" - }, - { - "name" : "https://bugs.webkit.org/show_bug.cgi?id=43260", - "refsource" : "CONFIRM", - "url" : "https://bugs.webkit.org/show_bug.cgi?id=43260" - }, - { - "name" : "http://support.apple.com/kb/HT4554", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4554" - }, - { - "name" : "http://support.apple.com/kb/HT4566", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4566" - }, - { - "name" : "APPLE-SA-2011-03-02-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "oval:org.mitre.oval:def:7151", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7151" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in WebKit, as used in Apple iTunes before 10.2 on Windows, Apple Safari, and Google Chrome before 6.0.472.59, allows remote attackers to execute arbitrary code or cause a denial of service via vectors related to SVG styles, the DOM tree, and error messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=50712", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=50712" + }, + { + "name": "http://support.apple.com/kb/HT4566", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4566" + }, + { + "name": "oval:org.mitre.oval:def:7151", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7151" + }, + { + "name": "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html" + }, + { + "name": "https://bugs.webkit.org/show_bug.cgi?id=43260", + "refsource": "CONFIRM", + "url": "https://bugs.webkit.org/show_bug.cgi?id=43260" + }, + { + "name": "APPLE-SA-2011-03-02-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-095", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-095" + }, + { + "name": "http://support.apple.com/kb/HT4554", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4554" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1901.json b/2010/1xxx/CVE-2010-1901.json index b4f3433f925..55a1b6125b8 100644 --- a/2010/1xxx/CVE-2010-1901.json +++ b/2010/1xxx/CVE-2010-1901.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1901", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly handle unspecified properties in rich text data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RTF document, aka \"Word RTF Parsing Engine Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-1901", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-056", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-056" - }, - { - "name" : "TA10-222A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-222A.html" - }, - { - "name" : "oval:org.mitre.oval:def:11612", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11612" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly handle unspecified properties in rich text data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RTF document, aka \"Word RTF Parsing Engine Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA10-222A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html" + }, + { + "name": "MS10-056", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-056" + }, + { + "name": "oval:org.mitre.oval:def:11612", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11612" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0173.json b/2014/0xxx/CVE-2014-0173.json index 92628c4de57..60a1f74945b 100644 --- a/2014/0xxx/CVE-2014-0173.json +++ b/2014/0xxx/CVE-2014-0173.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0173", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Jetpack plugin before 1.9 before 1.9.4, 2.0.x before 2.0.9, 2.1.x before 2.1.4, 2.2.x before 2.2.7, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.2, 2.6.x before 2.6.3, 2.7.x before 2.7.2, 2.8.x before 2.8.2, and 2.9.x before 2.9.3 for WordPress does not properly restrict access to the XML-RPC service, which allows remote attackers to bypass intended restrictions and publish posts via unspecified vectors. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0173", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://jetpack.me/2014/04/10/jetpack-security-update/", - "refsource" : "CONFIRM", - "url" : "http://jetpack.me/2014/04/10/jetpack-security-update/" - }, - { - "name" : "66789", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66789" - }, - { - "name" : "57729", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57729" - }, - { - "name" : "jetpack-wordpress-cve20140173-sec-bypass(92560)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92560" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Jetpack plugin before 1.9 before 1.9.4, 2.0.x before 2.0.9, 2.1.x before 2.1.4, 2.2.x before 2.2.7, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.2, 2.6.x before 2.6.3, 2.7.x before 2.7.2, 2.8.x before 2.8.2, and 2.9.x before 2.9.3 for WordPress does not properly restrict access to the XML-RPC service, which allows remote attackers to bypass intended restrictions and publish posts via unspecified vectors. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://jetpack.me/2014/04/10/jetpack-security-update/", + "refsource": "CONFIRM", + "url": "http://jetpack.me/2014/04/10/jetpack-security-update/" + }, + { + "name": "66789", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66789" + }, + { + "name": "jetpack-wordpress-cve20140173-sec-bypass(92560)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92560" + }, + { + "name": "57729", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57729" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0456.json b/2014/0xxx/CVE-2014-0456.json index 2ed7dddd273..d671a53b262 100644 --- a/2014/0xxx/CVE-2014-0456.json +++ b/2014/0xxx/CVE-2014-0456.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0456", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-0456", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698" - }, - { - "name" : "DSA-2912", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2912" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "GLSA-201502-12", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201502-12.xml" - }, - { - "name" : "HPSBUX03091", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=140852886808946&w=2" - }, - { - "name" : "HPSBUX03092", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=140852974709252&w=2" - }, - { - "name" : "SSRT101667", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=140852886808946&w=2" - }, - { - "name" : "SSRT101668", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=140852974709252&w=2" - }, - { - "name" : "RHSA-2014:0675", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0675.html" - }, - { - "name" : "RHSA-2014:0685", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0685.html" - }, - { - "name" : "RHSA-2014:0413", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2014:0413" - }, - { - "name" : "RHSA-2014:0414", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2014:0414" - }, - { - "name" : "USN-2191-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2191-1" - }, - { - "name" : "USN-2187-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2187-1" - }, - { - "name" : "66877", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66877" - }, - { - "name" : "58415", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58415" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2187-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2187-1" + }, + { + "name": "RHSA-2014:0675", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0675.html" + }, + { + "name": "RHSA-2014:0414", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2014:0414" + }, + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "USN-2191-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2191-1" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698" + }, + { + "name": "HPSBUX03091", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=140852886808946&w=2" + }, + { + "name": "RHSA-2014:0413", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2014:0413" + }, + { + "name": "SSRT101667", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=140852886808946&w=2" + }, + { + "name": "HPSBUX03092", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=140852974709252&w=2" + }, + { + "name": "RHSA-2014:0685", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0685.html" + }, + { + "name": "DSA-2912", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2912" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" + }, + { + "name": "58415", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58415" + }, + { + "name": "SSRT101668", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=140852974709252&w=2" + }, + { + "name": "GLSA-201502-12", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201502-12.xml" + }, + { + "name": "66877", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66877" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0819.json b/2014/0xxx/CVE-2014-0819.json index 25c1574468d..94c70dbf114 100644 --- a/2014/0xxx/CVE-2014-0819.json +++ b/2014/0xxx/CVE-2014-0819.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0819", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Autodesk AutoCAD before 2014 allows local users to gain privileges via a Trojan horse DLL in the current working directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2014-0819", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#43254599", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN43254599/index.html" - }, - { - "name" : "JVNDB-2014-000020", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000020" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Autodesk AutoCAD before 2014 allows local users to gain privileges via a Trojan horse DLL in the current working directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2014-000020", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000020" + }, + { + "name": "JVN#43254599", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN43254599/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0841.json b/2014/0xxx/CVE-2014-0841.json index 9a4487dbb8f..2e277474509 100644 --- a/2014/0xxx/CVE-2014-0841.json +++ b/2014/0xxx/CVE-2014-0841.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0841", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Rational Focal Point 6.4.0, 6.4.1, 6.5.1, 6.5.2, and 6.6.0 use a weak algorithm to hash passwords, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack. IBM X-Force ID: 90704." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-0841", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-weak-password-hash-vulnerability-in-rational-focalpoint-cve-2014-0841/", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-weak-password-hash-vulnerability-in-rational-focalpoint-cve-2014-0841/" - }, - { - "name" : "ibm-focalpoint-cve20140841-weak-sec(90704)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90704" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Rational Focal Point 6.4.0, 6.4.1, 6.5.1, 6.5.2, and 6.6.0 use a weak algorithm to hash passwords, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack. IBM X-Force ID: 90704." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-weak-password-hash-vulnerability-in-rational-focalpoint-cve-2014-0841/", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-weak-password-hash-vulnerability-in-rational-focalpoint-cve-2014-0841/" + }, + { + "name": "ibm-focalpoint-cve20140841-weak-sec(90704)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90704" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0896.json b/2014/0xxx/CVE-2014-0896.json index 7a7b945fc22..0c09d0add94 100644 --- a/2014/0xxx/CVE-2014-0896.json +++ b/2014/0xxx/CVE-2014-0896.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0896", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before 8.5.5.2 allows remote attackers to obtain sensitive information via a crafted request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-0896", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21669554", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21669554" - }, - { - "name" : "PI10134", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI10134" - }, - { - "name" : "ibm-was-cve20140896-info-disc(91326)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91326" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before 8.5.5.2 allows remote attackers to obtain sensitive information via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-was-cve20140896-info-disc(91326)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91326" + }, + { + "name": "PI10134", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI10134" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21669554", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21669554" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0980.json b/2014/0xxx/CVE-2014-0980.json index 31b20a924ba..07676e04c47 100644 --- a/2014/0xxx/CVE-2014-0980.json +++ b/2014/0xxx/CVE-2014-0980.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0980", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Poster Software PUBLISH-iT 3.6d allows remote attackers to execute arbitrary code via a crafted PUI file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-0980", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140205 CORE-2014-0001 - Publish-It Buffer Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/530943/100/0/threaded" - }, - { - "name" : "31461", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/31461" - }, - { - "name" : "20140205 CORE-2014-0001 - Publish-It Buffer Overflow Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Feb/34" - }, - { - "name" : "http://www.coresecurity.com/advisories/publish-it-buffer-overflow-vulnerability", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/advisories/publish-it-buffer-overflow-vulnerability" - }, - { - "name" : "http://packetstormsecurity.com/files/125089", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/125089" - }, - { - "name" : "65366", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65366" - }, - { - "name" : "102911", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102911" - }, - { - "name" : "56618", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56618" - }, - { - "name" : "publishit-cve20140980-bo(90989)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90989" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Poster Software PUBLISH-iT 3.6d allows remote attackers to execute arbitrary code via a crafted PUI file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "publishit-cve20140980-bo(90989)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90989" + }, + { + "name": "20140205 CORE-2014-0001 - Publish-It Buffer Overflow Vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Feb/34" + }, + { + "name": "http://packetstormsecurity.com/files/125089", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/125089" + }, + { + "name": "http://www.coresecurity.com/advisories/publish-it-buffer-overflow-vulnerability", + "refsource": "MISC", + "url": "http://www.coresecurity.com/advisories/publish-it-buffer-overflow-vulnerability" + }, + { + "name": "31461", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/31461" + }, + { + "name": "65366", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65366" + }, + { + "name": "102911", + "refsource": "OSVDB", + "url": "http://osvdb.org/102911" + }, + { + "name": "20140205 CORE-2014-0001 - Publish-It Buffer Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/530943/100/0/threaded" + }, + { + "name": "56618", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56618" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1606.json b/2014/1xxx/CVE-2014-1606.json index 87128ac8c19..fb87a94cbab 100644 --- a/2014/1xxx/CVE-2014-1606.json +++ b/2014/1xxx/CVE-2014-1606.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1606", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1606", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1812.json b/2014/1xxx/CVE-2014-1812.json index 20d45f20c04..a5229dbd26d 100644 --- a/2014/1xxx/CVE-2014-1812.json +++ b/2014/1xxx/CVE-2014-1812.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1812", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Group Policy implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not properly handle distribution of passwords, which allows remote authenticated users to obtain sensitive credential information and consequently gain privileges by leveraging access to the SYSVOL share, as exploited in the wild in May 2014, aka \"Group Policy Preferences Password Elevation of Privilege Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-1812", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blogs.technet.com/b/srd/archive/2014/05/13/ms14-025-an-update-for-group-policy-preferences.aspx", - "refsource" : "CONFIRM", - "url" : "http://blogs.technet.com/b/srd/archive/2014/05/13/ms14-025-an-update-for-group-policy-preferences.aspx" - }, - { - "name" : "MS14-025", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-025" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Group Policy implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not properly handle distribution of passwords, which allows remote authenticated users to obtain sensitive credential information and consequently gain privileges by leveraging access to the SYSVOL share, as exploited in the wild in May 2014, aka \"Group Policy Preferences Password Elevation of Privilege Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS14-025", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-025" + }, + { + "name": "http://blogs.technet.com/b/srd/archive/2014/05/13/ms14-025-an-update-for-group-policy-preferences.aspx", + "refsource": "CONFIRM", + "url": "http://blogs.technet.com/b/srd/archive/2014/05/13/ms14-025-an-update-for-group-policy-preferences.aspx" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5741.json b/2014/5xxx/CVE-2014-5741.json index 0a0507dbf60..53d9d39db0a 100644 --- a/2014/5xxx/CVE-2014-5741.json +++ b/2014/5xxx/CVE-2014-5741.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5741", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Security - Complete (aka com.webroot.security.complete) application 3.6.0.6610 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5741", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#783313", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/783313" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Security - Complete (aka com.webroot.security.complete) application 3.6.0.6610 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#783313", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/783313" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2154.json b/2015/2xxx/CVE-2015-2154.json index 059eaa6a48d..eb9b6381273 100644 --- a/2015/2xxx/CVE-2015-2154.json +++ b/2015/2xxx/CVE-2015-2154.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2154", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The osi_print_cksum function in print-isoclns.c in the ethernet printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) length, (2) offset, or (3) base pointer checksum value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2154", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150309 tcpdump 4.7.2 remote crashes", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534829/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/130730/tcpdump-Denial-Of-Service-Code-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/130730/tcpdump-Denial-Of-Service-Code-Execution.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1201797", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1201797" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2015-0114.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2015-0114.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" - }, - { - "name" : "DSA-3193", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3193" - }, - { - "name" : "FEDORA-2015-4939", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153834.html" - }, - { - "name" : "FEDORA-2015-4804", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153999.html" - }, - { - "name" : "GLSA-201510-04", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201510-04" - }, - { - "name" : "MDVSA-2015:125", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:125" - }, - { - "name" : "MDVSA-2015:182", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:182" - }, - { - "name" : "RHSA-2017:1871", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1871" - }, - { - "name" : "openSUSE-SU-2015:0616", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-03/msg00084.html" - }, - { - "name" : "USN-2580-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2580-1" - }, - { - "name" : "73017", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73017" - }, - { - "name" : "1031937", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031937" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The osi_print_cksum function in print-isoclns.c in the ethernet printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) length, (2) offset, or (3) base pointer checksum value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1201797", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1201797" + }, + { + "name": "FEDORA-2015-4939", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153834.html" + }, + { + "name": "MDVSA-2015:125", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:125" + }, + { + "name": "http://packetstormsecurity.com/files/130730/tcpdump-Denial-Of-Service-Code-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/130730/tcpdump-Denial-Of-Service-Code-Execution.html" + }, + { + "name": "RHSA-2017:1871", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1871" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" + }, + { + "name": "1031937", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031937" + }, + { + "name": "GLSA-201510-04", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201510-04" + }, + { + "name": "FEDORA-2015-4804", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153999.html" + }, + { + "name": "http://advisories.mageia.org/MGASA-2015-0114.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2015-0114.html" + }, + { + "name": "73017", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73017" + }, + { + "name": "USN-2580-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2580-1" + }, + { + "name": "20150309 tcpdump 4.7.2 remote crashes", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534829/100/0/threaded" + }, + { + "name": "openSUSE-SU-2015:0616", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00084.html" + }, + { + "name": "MDVSA-2015:182", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:182" + }, + { + "name": "DSA-3193", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3193" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10210.json b/2016/10xxx/CVE-2016-10210.json index 0389587d1cf..e0bd40c2a3e 100644 --- a/2016/10xxx/CVE-2016-10210.json +++ b/2016/10xxx/CVE-2016-10210.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10210", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libyara/lexer.l in YARA 3.5.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted rule that is mishandled in the yy_get_next_buffer function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10210", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/VirusTotal/yara/commit/3119b232c9c453c98d8fa8b6ae4e37ba18117cd4", - "refsource" : "CONFIRM", - "url" : "https://github.com/VirusTotal/yara/commit/3119b232c9c453c98d8fa8b6ae4e37ba18117cd4" - }, - { - "name" : "https://github.com/VirusTotal/yara/issues/576", - "refsource" : "CONFIRM", - "url" : "https://github.com/VirusTotal/yara/issues/576" - }, - { - "name" : "98077", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98077" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libyara/lexer.l in YARA 3.5.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted rule that is mishandled in the yy_get_next_buffer function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/VirusTotal/yara/issues/576", + "refsource": "CONFIRM", + "url": "https://github.com/VirusTotal/yara/issues/576" + }, + { + "name": "https://github.com/VirusTotal/yara/commit/3119b232c9c453c98d8fa8b6ae4e37ba18117cd4", + "refsource": "CONFIRM", + "url": "https://github.com/VirusTotal/yara/commit/3119b232c9c453c98d8fa8b6ae4e37ba18117cd4" + }, + { + "name": "98077", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98077" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3741.json b/2016/3xxx/CVE-2016-3741.json index f3aff5e3d67..57e995f7aef 100644 --- a/2016/3xxx/CVE-2016-3741.json +++ b/2016/3xxx/CVE-2016-3741.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3741", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The H.264 decoder in mediaserver in Android 6.x before 2016-07-01 does not initialize certain slice data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28165661." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-3741", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-07-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-07-01.html" - }, - { - "name" : "https://android.googlesource.com/platform/external/libavc/+/cc676ebd95247646e67907ccab150fb77a847335", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/external/libavc/+/cc676ebd95247646e67907ccab150fb77a847335" - }, - { - "name" : "https://android.googlesource.com/platform/external/libavc/+/e629194c62a9a129ce378e08cb1059a8a53f1795", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/external/libavc/+/e629194c62a9a129ce378e08cb1059a8a53f1795" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The H.264 decoder in mediaserver in Android 6.x before 2016-07-01 does not initialize certain slice data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28165661." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-07-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-07-01.html" + }, + { + "name": "https://android.googlesource.com/platform/external/libavc/+/e629194c62a9a129ce378e08cb1059a8a53f1795", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/external/libavc/+/e629194c62a9a129ce378e08cb1059a8a53f1795" + }, + { + "name": "https://android.googlesource.com/platform/external/libavc/+/cc676ebd95247646e67907ccab150fb77a847335", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/external/libavc/+/cc676ebd95247646e67907ccab150fb77a847335" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4032.json b/2016/4xxx/CVE-2016-4032.json index 0efa84adcda..a7176984900 100644 --- a/2016/4xxx/CVE-2016-4032.json +++ b/2016/4xxx/CVE-2016-4032.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4032", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices do not block AT+USBDEBUG and AT+WIFIVALUE, which allows attackers to modify Android settings by leveraging AT access, aka SVE-2016-5301." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-4032", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0004", - "refsource" : "MISC", - "url" : "https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0004" - }, - { - "name" : "97650", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97650" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices do not block AT+USBDEBUG and AT+WIFIVALUE, which allows attackers to modify Android settings by leveraging AT access, aka SVE-2016-5301." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0004", + "refsource": "MISC", + "url": "https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0004" + }, + { + "name": "97650", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97650" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4518.json b/2016/4xxx/CVE-2016-4518.json index 2e662a961e5..def54dd1c7a 100644 --- a/2016/4xxx/CVE-2016-4518.json +++ b/2016/4xxx/CVE-2016-4518.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4518", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OSIsoft PI AF Server before 2016 2.8.0 allows remote authenticated users to cause a denial of service (service outage) via a message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2016-4518", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-166-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-166-02" - }, - { - "name" : "https://techsupport.osisoft.com/Troubleshooting/Alerts/AL00301", - "refsource" : "CONFIRM", - "url" : "https://techsupport.osisoft.com/Troubleshooting/Alerts/AL00301" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OSIsoft PI AF Server before 2016 2.8.0 allows remote authenticated users to cause a denial of service (service outage) via a message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://techsupport.osisoft.com/Troubleshooting/Alerts/AL00301", + "refsource": "CONFIRM", + "url": "https://techsupport.osisoft.com/Troubleshooting/Alerts/AL00301" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-166-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-166-02" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4755.json b/2016/4xxx/CVE-2016-4755.json index 78f113f3304..a5a9a7cff26 100644 --- a/2016/4xxx/CVE-2016-4755.json +++ b/2016/4xxx/CVE-2016-4755.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2016-4755", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Terminal in Apple OS X before 10.12 uses weak permissions for the .bash_history and .bash_session files, which allows local users to obtain sensitive information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-4755", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207170", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207170" - }, - { - "name" : "APPLE-SA-2016-09-20", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html" - }, - { - "name" : "93055", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93055" - }, - { - "name" : "1036858", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036858" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Terminal in Apple OS X before 10.12 uses weak permissions for the .bash_history and .bash_session files, which allows local users to obtain sensitive information via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036858", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036858" + }, + { + "name": "APPLE-SA-2016-09-20", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html" + }, + { + "name": "93055", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93055" + }, + { + "name": "https://support.apple.com/HT207170", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207170" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8331.json b/2016/8xxx/CVE-2016-8331.json index 286f228b54f..ba7b6473a77 100644 --- a/2016/8xxx/CVE-2016-8331.json +++ b/2016/8xxx/CVE-2016-8331.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "ID" : "CVE-2016-8331", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "LibTIFF 4.0.6", - "version" : { - "version_data" : [ - { - "version_value" : "LibTIFF 4.0.6" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF version 4.0.6. A crafted TIFF document can lead to a type confusion vulnerability resulting in remote code execution. This vulnerability can be triggered via a TIFF file delivered to the application using LibTIFF's tag extension functionality." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "type confusion" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "ID": "CVE-2016-8331", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "LibTIFF 4.0.6", + "version": { + "version_data": [ + { + "version_value": "LibTIFF 4.0.6" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.talosintelligence.com/reports/TALOS-2016-0190/", - "refsource" : "MISC", - "url" : "http://www.talosintelligence.com/reports/TALOS-2016-0190/" - }, - { - "name" : "GLSA-201701-16", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-16" - }, - { - "name" : "93898", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93898" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF version 4.0.6. A crafted TIFF document can lead to a type confusion vulnerability resulting in remote code execution. This vulnerability can be triggered via a TIFF file delivered to the application using LibTIFF's tag extension functionality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "type confusion" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.talosintelligence.com/reports/TALOS-2016-0190/", + "refsource": "MISC", + "url": "http://www.talosintelligence.com/reports/TALOS-2016-0190/" + }, + { + "name": "GLSA-201701-16", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-16" + }, + { + "name": "93898", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93898" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8397.json b/2016/8xxx/CVE-2016-8397.json index 8c5a28872b6..491d48b5ea2 100644 --- a/2016/8xxx/CVE-2016-8397.json +++ b/2016/8xxx/CVE-2016-8397.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-8397", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.10" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-31385953. References: N-CVE-2016-8397." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-8397", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.10" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2016-12-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2016-12-01.html" - }, - { - "name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", - "refsource" : "CONFIRM", - "url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" - }, - { - "name" : "94714", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94714" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-31385953. References: N-CVE-2016-8397." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94714", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94714" + }, + { + "name": "https://source.android.com/security/bulletin/2016-12-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2016-12-01.html" + }, + { + "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", + "refsource": "CONFIRM", + "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8687.json b/2016/8xxx/CVE-2016-8687.json index 9816c13a8bb..2a438eeb963 100644 --- a/2016/8xxx/CVE-2016-8687.json +++ b/2016/8xxx/CVE-2016-8687.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8687", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8687", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161015 Re: Libarchive/bsdtar: multiple crashes", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/16/11" - }, - { - "name" : "[debian-lts-announce] 20181129 [SECURITY] [DLA 1600-1] libarchive security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00037.html" - }, - { - "name" : "https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-stack-based-buffer-overflow-in-bsdtar_expand_char-util-c/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-stack-based-buffer-overflow-in-bsdtar_expand_char-util-c/" - }, - { - "name" : "https://github.com/libarchive/libarchive/commit/e37b620fe8f14535d737e89a4dcabaed4517bf1a", - "refsource" : "MISC", - "url" : "https://github.com/libarchive/libarchive/commit/e37b620fe8f14535d737e89a4dcabaed4517bf1a" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1377926", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1377926" - }, - { - "name" : "GLSA-201701-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-03" - }, - { - "name" : "openSUSE-SU-2016:3002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-12/msg00027.html" - }, - { - "name" : "93781", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93781" - }, - { - "name" : "1037668", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037668" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20161015 Re: Libarchive/bsdtar: multiple crashes", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/16/11" + }, + { + "name": "[debian-lts-announce] 20181129 [SECURITY] [DLA 1600-1] libarchive security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00037.html" + }, + { + "name": "GLSA-201701-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-03" + }, + { + "name": "93781", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93781" + }, + { + "name": "https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-stack-based-buffer-overflow-in-bsdtar_expand_char-util-c/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-stack-based-buffer-overflow-in-bsdtar_expand_char-util-c/" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1377926", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1377926" + }, + { + "name": "openSUSE-SU-2016:3002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00027.html" + }, + { + "name": "1037668", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037668" + }, + { + "name": "https://github.com/libarchive/libarchive/commit/e37b620fe8f14535d737e89a4dcabaed4517bf1a", + "refsource": "MISC", + "url": "https://github.com/libarchive/libarchive/commit/e37b620fe8f14535d737e89a4dcabaed4517bf1a" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8746.json b/2016/8xxx/CVE-2016-8746.json index 36a0fc783d7..c6ac8738b09 100644 --- a/2016/8xxx/CVE-2016-8746.json +++ b/2016/8xxx/CVE-2016-8746.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "ID" : "CVE-2016-8746", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Ranger", - "version" : { - "version_data" : [ - { - "version_value" : "0.6.0 - 0.6.2" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache Ranger before 0.6.3 policy engine incorrectly matches paths in certain conditions when policy does not contain wildcards and has recursion flag set to true." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Authorization" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "ID": "CVE-2016-8746", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Ranger", + "version": { + "version_data": [ + { + "version_value": "0.6.0 - 0.6.2" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger", - "refsource" : "CONFIRM", - "url" : "https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger" - }, - { - "name" : "95998", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95998" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache Ranger before 0.6.3 policy engine incorrectly matches paths in certain conditions when policy does not contain wildcards and has recursion flag set to true." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95998", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95998" + }, + { + "name": "https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger", + "refsource": "CONFIRM", + "url": "https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8981.json b/2016/8xxx/CVE-2016-8981.json index 418f9536ee6..9cb86c8ce7d 100644 --- a/2016/8xxx/CVE-2016-8981.json +++ b/2016/8xxx/CVE-2016-8981.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-8981", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BigFix Inventory", - "version" : { - "version_data" : [ - { - "version_value" : "9.2" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM BigFix Inventory v9 allows web pages to be stored locally which can be read by another user on the system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-8981", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BigFix Inventory", + "version": { + "version_data": [ + { + "version_value": "9.2" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21994932", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21994932" - }, - { - "name" : "95137", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95137" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM BigFix Inventory v9 allows web pages to be stored locally which can be read by another user on the system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95137", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95137" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21994932", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21994932" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9476.json b/2016/9xxx/CVE-2016-9476.json index 3a71be5ed44..2a7e303435a 100644 --- a/2016/9xxx/CVE-2016-9476.json +++ b/2016/9xxx/CVE-2016-9476.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9476", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-9476", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9599.json b/2016/9xxx/CVE-2016-9599.json index 9220226f940..956ee9361ff 100644 --- a/2016/9xxx/CVE-2016-9599.json +++ b/2016/9xxx/CVE-2016-9599.json @@ -1,80 +1,80 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "lpardo@redhat.com", - "ID" : "CVE-2016-9599", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "puppet-tripleo", - "version" : { - "version_data" : [ - { - "version_value" : "puppet-tripleo 5.5.0" - }, - { - "version_value" : " puppet-tripleo 6.2.0" - } - ] - } - } - ] - }, - "vendor_name" : "" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an access-control flaw in the IPtables rules management, which allowed the creation of TCP/UDP rules with empty port values. If SSL is enabled, a malicious user could use these open ports to gain access to unauthorized resources." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "7.1/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-284" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-9599", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "puppet-tripleo", + "version": { + "version_data": [ + { + "version_value": "puppet-tripleo 5.5.0" + }, + { + "version_value": " puppet-tripleo 6.2.0" + } + ] + } + } + ] + }, + "vendor_name": "" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9599", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9599" - }, - { - "name" : "RHSA-2017:0025", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0025.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an access-control flaw in the IPtables rules management, which allowed the creation of TCP/UDP rules with empty port values. If SSL is enabled, a malicious user could use these open ports to gain access to unauthorized resources." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "7.1/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9599", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9599" + }, + { + "name": "RHSA-2017:0025", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0025.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9934.json b/2016/9xxx/CVE-2016-9934.json index ebf031cb79d..7fe25bc41ec 100644 --- a/2016/9xxx/CVE-2016-9934.json +++ b/2016/9xxx/CVE-2016-9934.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9934", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9934", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161212 CVE assignment for PHP 5.6.28, 5.6.29, 7.0.13, 7.0.14 and 7.1.0", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/12/12/2" - }, - { - "name" : "http://www.php.net/ChangeLog-5.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-5.php" - }, - { - "name" : "http://www.php.net/ChangeLog-7.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-7.php" - }, - { - "name" : "https://bugs.php.net/bug.php?id=73331", - "refsource" : "CONFIRM", - "url" : "https://bugs.php.net/bug.php?id=73331" - }, - { - "name" : "https://github.com/php/php-src/commit/6045de69c7dedcba3eadf7c4bba424b19c81d00d", - "refsource" : "CONFIRM", - "url" : "https://github.com/php/php-src/commit/6045de69c7dedcba3eadf7c4bba424b19c81d00d" - }, - { - "name" : "RHSA-2018:1296", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1296" - }, - { - "name" : "openSUSE-SU-2016:3239", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-12/msg00142.html" - }, - { - "name" : "openSUSE-SU-2017:0061", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2017-01/msg00034.html" - }, - { - "name" : "openSUSE-SU-2017:0081", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2017-01/msg00054.html" - }, - { - "name" : "94845", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94845" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20161212 CVE assignment for PHP 5.6.28, 5.6.29, 7.0.13, 7.0.14 and 7.1.0", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/12/12/2" + }, + { + "name": "openSUSE-SU-2017:0081", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00054.html" + }, + { + "name": "http://www.php.net/ChangeLog-7.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-7.php" + }, + { + "name": "94845", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94845" + }, + { + "name": "RHSA-2018:1296", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1296" + }, + { + "name": "http://www.php.net/ChangeLog-5.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-5.php" + }, + { + "name": "openSUSE-SU-2017:0061", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00034.html" + }, + { + "name": "openSUSE-SU-2016:3239", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00142.html" + }, + { + "name": "https://github.com/php/php-src/commit/6045de69c7dedcba3eadf7c4bba424b19c81d00d", + "refsource": "CONFIRM", + "url": "https://github.com/php/php-src/commit/6045de69c7dedcba3eadf7c4bba424b19c81d00d" + }, + { + "name": "https://bugs.php.net/bug.php?id=73331", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=73331" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2153.json b/2019/2xxx/CVE-2019-2153.json index a9dbfdbb72a..e319a72ebb1 100644 --- a/2019/2xxx/CVE-2019-2153.json +++ b/2019/2xxx/CVE-2019-2153.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2153", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2153", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2419.json b/2019/2xxx/CVE-2019-2419.json index 6eb1b192fb1..ab2ea0157d6 100644 --- a/2019/2xxx/CVE-2019-2419.json +++ b/2019/2xxx/CVE-2019-2419.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2019-2419", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PeopleSoft Enterprise CC Common Application Objects", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "9.2" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the PeopleSoft Enterprise CC Common Application Objects component of Oracle PeopleSoft Products (subcomponent: Form and Approval Builder). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CC Common Application Objects. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise CC Common Application Objects, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise CC Common Application Objects accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise CC Common Application Objects accessible data. Note: This Enterprise Common Component is used by all PeopleSoft Application products. Please refer to the MOS Note Doc ID 2493366.1 for patch information. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CC Common Application Objects. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise CC Common Application Objects, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise CC Common Application Objects accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise CC Common Application Objects accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2019-2419", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise CC Common Application Objects", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "9.2" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "106607", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106607" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise CC Common Application Objects component of Oracle PeopleSoft Products (subcomponent: Form and Approval Builder). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CC Common Application Objects. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise CC Common Application Objects, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise CC Common Application Objects accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise CC Common Application Objects accessible data. Note: This Enterprise Common Component is used by all PeopleSoft Application products. Please refer to the MOS Note Doc ID 2493366.1 for patch information. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CC Common Application Objects. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise CC Common Application Objects, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise CC Common Application Objects accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise CC Common Application Objects accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106607", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106607" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2513.json b/2019/2xxx/CVE-2019-2513.json index e8339424f67..9a3250206d0 100644 --- a/2019/2xxx/CVE-2019-2513.json +++ b/2019/2xxx/CVE-2019-2513.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2019-2513", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.0.13 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Shell). Supported versions that are affected are 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 2.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2019-2513", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.0.13 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20190118-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20190118-0002/" - }, - { - "name" : "106622", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106622" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Shell). Supported versions that are affected are 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 2.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + }, + { + "name": "106622", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106622" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20190118-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20190118-0002/" + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3658.json b/2019/3xxx/CVE-2019-3658.json index 9183744d832..59a6099ea88 100644 --- a/2019/3xxx/CVE-2019-3658.json +++ b/2019/3xxx/CVE-2019-3658.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3658", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3658", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3756.json b/2019/3xxx/CVE-2019-3756.json index 5a44540f3a8..9c81598de67 100644 --- a/2019/3xxx/CVE-2019-3756.json +++ b/2019/3xxx/CVE-2019-3756.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3756", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3756", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6073.json b/2019/6xxx/CVE-2019-6073.json index 74722777425..92293b9a134 100644 --- a/2019/6xxx/CVE-2019-6073.json +++ b/2019/6xxx/CVE-2019-6073.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6073", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6073", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6180.json b/2019/6xxx/CVE-2019-6180.json index 521531ac893..fdb054456dd 100644 --- a/2019/6xxx/CVE-2019-6180.json +++ b/2019/6xxx/CVE-2019-6180.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6180", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6180", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6601.json b/2019/6xxx/CVE-2019-6601.json index d79eef3d4cc..d2d3ab64d2f 100644 --- a/2019/6xxx/CVE-2019-6601.json +++ b/2019/6xxx/CVE-2019-6601.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "f5sirt@f5.com", - "DATE_PUBLIC" : "2019-03-11T00:00:00", - "ID" : "CVE-2019-6601", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BIG-IP (AAM)", - "version" : { - "version_data" : [ - { - "version_value" : "13.0.0, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, 11.5.1-11.5.8" - } - ] - } - } - ] - }, - "vendor_name" : "F5 Networks, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In BIG-IP 13.0.0, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, the Application Acceleration Manager (AAM) wamd process used in processing of images and PDFs fails to drop group permissions when executing helper scripts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "privilege escalation" - } + "CVE_data_meta": { + "ASSIGNER": "f5sirt@f5.com", + "DATE_PUBLIC": "2019-03-11T00:00:00", + "ID": "CVE-2019-6601", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BIG-IP (AAM)", + "version": { + "version_data": [ + { + "version_value": "13.0.0, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, 11.5.1-11.5.8" + } + ] + } + } + ] + }, + "vendor_name": "F5 Networks, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.f5.com/csp/article/K25359902", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/csp/article/K25359902" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In BIG-IP 13.0.0, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, the Application Acceleration Manager (AAM) wamd process used in processing of images and PDFs fails to drop group permissions when executing helper scripts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "privilege escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.f5.com/csp/article/K25359902", + "refsource": "CONFIRM", + "url": "https://support.f5.com/csp/article/K25359902" + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6605.json b/2019/6xxx/CVE-2019-6605.json index 02c1c38118d..814d9ac264e 100644 --- a/2019/6xxx/CVE-2019-6605.json +++ b/2019/6xxx/CVE-2019-6605.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6605", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6605", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6884.json b/2019/6xxx/CVE-2019-6884.json index 73b562fcc2f..a4b6c316c02 100644 --- a/2019/6xxx/CVE-2019-6884.json +++ b/2019/6xxx/CVE-2019-6884.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6884", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6884", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7100.json b/2019/7xxx/CVE-2019-7100.json index 68781e95532..c028cd19aa6 100644 --- a/2019/7xxx/CVE-2019-7100.json +++ b/2019/7xxx/CVE-2019-7100.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7100", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7100", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7189.json b/2019/7xxx/CVE-2019-7189.json index fbb42b226b3..a5f1f2c4a2e 100644 --- a/2019/7xxx/CVE-2019-7189.json +++ b/2019/7xxx/CVE-2019-7189.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7189", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7189", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7226.json b/2019/7xxx/CVE-2019-7226.json index c769683d6e8..9110723dfe2 100644 --- a/2019/7xxx/CVE-2019-7226.json +++ b/2019/7xxx/CVE-2019-7226.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7226", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7226", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7258.json b/2019/7xxx/CVE-2019-7258.json index 3e866e1c91a..1da60575392 100644 --- a/2019/7xxx/CVE-2019-7258.json +++ b/2019/7xxx/CVE-2019-7258.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7258", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7258", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7830.json b/2019/7xxx/CVE-2019-7830.json index dcf01fcf959..9d152e643ee 100644 --- a/2019/7xxx/CVE-2019-7830.json +++ b/2019/7xxx/CVE-2019-7830.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7830", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7830", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file