diff --git a/2000/0xxx/CVE-2000-0296.json b/2000/0xxx/CVE-2000-0296.json index 659631498c2..4328c8bbd74 100644 --- a/2000/0xxx/CVE-2000-0296.json +++ b/2000/0xxx/CVE-2000-0296.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0296", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "fcheck allows local users to gain privileges by embedding shell metacharacters into file names that are processed by fcheck." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0296", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000331 fcheck v.2.7.45 and insecure use of Perl's system()", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/current/0011.html" - }, - { - "name" : "1086", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1086" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "fcheck allows local users to gain privileges by embedding shell metacharacters into file names that are processed by fcheck." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20000331 fcheck v.2.7.45 and insecure use of Perl's system()", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/current/0011.html" + }, + { + "name": "1086", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1086" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0350.json b/2007/0xxx/CVE-2007-0350.json index 414c82767d2..118faaac4ba 100644 --- a/2007/0xxx/CVE-2007-0350.json +++ b/2007/0xxx/CVE-2007-0350.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0350", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in (a) index.php and (b) dl.php in SmE FileMailer 1.21 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ps, (2) us, (3) f, or (4) code parameter. NOTE: the us vector in index.php is already covered by CVE-2007-0346." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0350", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070116 [x0n3-h4ck] SmE FileMailer 1.21 Remote Sql Injextion Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2007-01/0395.html" - }, - { - "name" : "20070117 Source VERIFY of SMe FileMailer 1.21 SQL injection", - "refsource" : "VIM", - "url" : "http://attrition.org/pipermail/vim/2007-January/001244.html" - }, - { - "name" : "ADV-2007-0221", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0221" - }, - { - "name" : "32833", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/32833" - }, - { - "name" : "smefilemailer-login-sql-injection(31533)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31533" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in (a) index.php and (b) dl.php in SmE FileMailer 1.21 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ps, (2) us, (3) f, or (4) code parameter. NOTE: the us vector in index.php is already covered by CVE-2007-0346." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070117 Source VERIFY of SMe FileMailer 1.21 SQL injection", + "refsource": "VIM", + "url": "http://attrition.org/pipermail/vim/2007-January/001244.html" + }, + { + "name": "20070116 [x0n3-h4ck] SmE FileMailer 1.21 Remote Sql Injextion Exploit", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2007-01/0395.html" + }, + { + "name": "smefilemailer-login-sql-injection(31533)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31533" + }, + { + "name": "32833", + "refsource": "OSVDB", + "url": "http://osvdb.org/32833" + }, + { + "name": "ADV-2007-0221", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0221" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0386.json b/2007/0xxx/CVE-2007-0386.json index d032d1cc7bb..d8e8253806c 100644 --- a/2007/0xxx/CVE-2007-0386.json +++ b/2007/0xxx/CVE-2007-0386.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0386", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the rating section in PostNuke 0.764 has unknown impact and attack vectors, related to \"an interesting bug.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0386", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070118 The vulnerabilities festival !", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html" - }, - { - "name" : "http://www.hackers.ir/advisories/festival.txt", - "refsource" : "MISC", - "url" : "http://www.hackers.ir/advisories/festival.txt" - }, - { - "name" : "35471", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35471" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the rating section in PostNuke 0.764 has unknown impact and attack vectors, related to \"an interesting bug.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35471", + "refsource": "OSVDB", + "url": "http://osvdb.org/35471" + }, + { + "name": "20070118 The vulnerabilities festival !", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html" + }, + { + "name": "http://www.hackers.ir/advisories/festival.txt", + "refsource": "MISC", + "url": "http://www.hackers.ir/advisories/festival.txt" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0591.json b/2007/0xxx/CVE-2007-0591.json index a6a36753f74..b4d0c966fef 100644 --- a/2007/0xxx/CVE-2007-0591.json +++ b/2007/0xxx/CVE-2007-0591.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0591", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in configure.php in Vu Le An Virtual Path (VirtualPath) 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0591", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3198", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3198" - }, - { - "name" : "22241", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22241" - }, - { - "name" : "ADV-2007-0352", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0352" - }, - { - "name" : "31636", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/31636" - }, - { - "name" : "23918", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23918" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in configure.php in Vu Le An Virtual Path (VirtualPath) 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22241", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22241" + }, + { + "name": "23918", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23918" + }, + { + "name": "3198", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3198" + }, + { + "name": "31636", + "refsource": "OSVDB", + "url": "http://osvdb.org/31636" + }, + { + "name": "ADV-2007-0352", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0352" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0639.json b/2007/0xxx/CVE-2007-0639.json index 9cd0cf4deda..362e4c5054a 100644 --- a/2007/0xxx/CVE-2007-0639.json +++ b/2007/0xxx/CVE-2007-0639.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0639", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple static code injection vulnerabilities in error.php in GuppY 4.5.16 and earlier allow remote attackers to inject arbitrary PHP code into a .inc file in the data/ directory via (1) a REMOTE_ADDR cookie or (2) a cookie specifying an element of the msg array with an error number in the first dimension and 0 in the second dimension, as demonstrated by msg[999][0]." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0639", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://retrogod.altervista.org/guppy_4516_cmd.html", - "refsource" : "MISC", - "url" : "http://retrogod.altervista.org/guppy_4516_cmd.html" - }, - { - "name" : "3221", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3221" - }, - { - "name" : "ADV-2007-0421", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0421" - }, - { - "name" : "33016", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/33016" - }, - { - "name" : "1017569", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017569" - }, - { - "name" : "23914", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23914" - }, - { - "name" : "guppy-error-code-execution(31882)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31882" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple static code injection vulnerabilities in error.php in GuppY 4.5.16 and earlier allow remote attackers to inject arbitrary PHP code into a .inc file in the data/ directory via (1) a REMOTE_ADDR cookie or (2) a cookie specifying an element of the msg array with an error number in the first dimension and 0 in the second dimension, as demonstrated by msg[999][0]." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23914", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23914" + }, + { + "name": "guppy-error-code-execution(31882)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31882" + }, + { + "name": "1017569", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017569" + }, + { + "name": "ADV-2007-0421", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0421" + }, + { + "name": "http://retrogod.altervista.org/guppy_4516_cmd.html", + "refsource": "MISC", + "url": "http://retrogod.altervista.org/guppy_4516_cmd.html" + }, + { + "name": "3221", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3221" + }, + { + "name": "33016", + "refsource": "OSVDB", + "url": "http://osvdb.org/33016" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1164.json b/2007/1xxx/CVE-2007-1164.json index e91af9724ce..5069754ab6c 100644 --- a/2007/1xxx/CVE-2007-1164.json +++ b/2007/1xxx/CVE-2007-1164.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1164", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in DBImageGallery 1.2.2 allow remote attackers to execute arbitrary PHP code via a URL in the donsimg_base_path parameter to (1) attributes.php, (2) images.php, or (3) scan.php in admin/; or (4) attributes.php, (5) db_utils.php, (6) images.php, (7) utils.php, or (8) values.php in includes/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1164", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070302 Remote File Include In DBImageGallery", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/461741/100/0/threaded" - }, - { - "name" : "20070305 Re: Remote File Include In DBImageGallery", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/462142/100/0/threaded" - }, - { - "name" : "3353", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3353" - }, - { - "name" : "22657", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22657" - }, - { - "name" : "ADV-2007-0692", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0692" - }, - { - "name" : "34937", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34937" - }, - { - "name" : "34938", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34938" - }, - { - "name" : "34939", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34939" - }, - { - "name" : "34940", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34940" - }, - { - "name" : "34941", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34941" - }, - { - "name" : "34942", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34942" - }, - { - "name" : "34943", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34943" - }, - { - "name" : "34944", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34944" - }, - { - "name" : "dbimagegallery-donsimg-file-include(32612)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32612" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in DBImageGallery 1.2.2 allow remote attackers to execute arbitrary PHP code via a URL in the donsimg_base_path parameter to (1) attributes.php, (2) images.php, or (3) scan.php in admin/; or (4) attributes.php, (5) db_utils.php, (6) images.php, (7) utils.php, or (8) values.php in includes/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34944", + "refsource": "OSVDB", + "url": "http://osvdb.org/34944" + }, + { + "name": "3353", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3353" + }, + { + "name": "ADV-2007-0692", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0692" + }, + { + "name": "34943", + "refsource": "OSVDB", + "url": "http://osvdb.org/34943" + }, + { + "name": "34940", + "refsource": "OSVDB", + "url": "http://osvdb.org/34940" + }, + { + "name": "20070305 Re: Remote File Include In DBImageGallery", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/462142/100/0/threaded" + }, + { + "name": "34937", + "refsource": "OSVDB", + "url": "http://osvdb.org/34937" + }, + { + "name": "22657", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22657" + }, + { + "name": "dbimagegallery-donsimg-file-include(32612)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32612" + }, + { + "name": "20070302 Remote File Include In DBImageGallery", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/461741/100/0/threaded" + }, + { + "name": "34942", + "refsource": "OSVDB", + "url": "http://osvdb.org/34942" + }, + { + "name": "34938", + "refsource": "OSVDB", + "url": "http://osvdb.org/34938" + }, + { + "name": "34939", + "refsource": "OSVDB", + "url": "http://osvdb.org/34939" + }, + { + "name": "34941", + "refsource": "OSVDB", + "url": "http://osvdb.org/34941" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1215.json b/2007/1xxx/CVE-2007-1215.json index e7374aafcc9..06a01fe4428 100644 --- a/2007/1xxx/CVE-2007-1215.json +++ b/2007/1xxx/CVE-2007-1215.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1215", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via certain \"color-related parameters\" in crafted images." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2007-1215", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBST02206", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/466186/100/200/threaded" - }, - { - "name" : "SSRT071354", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/466186/100/200/threaded" - }, - { - "name" : "MS07-017", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-017" - }, - { - "name" : "23273", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23273" - }, - { - "name" : "ADV-2007-1215", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1215" - }, - { - "name" : "oval:org.mitre.oval:def:1927", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1927" - }, - { - "name" : "1017847", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1017847" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via certain \"color-related parameters\" in crafted images." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-1215", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1215" + }, + { + "name": "1017847", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1017847" + }, + { + "name": "oval:org.mitre.oval:def:1927", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1927" + }, + { + "name": "HPSBST02206", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/466186/100/200/threaded" + }, + { + "name": "MS07-017", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-017" + }, + { + "name": "23273", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23273" + }, + { + "name": "SSRT071354", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/466186/100/200/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1233.json b/2007/1xxx/CVE-2007-1233.json index 3858f68abdb..f1ab1da9f7b 100644 --- a/2007/1xxx/CVE-2007-1233.json +++ b/2007/1xxx/CVE-2007-1233.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1233", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in downloadcounter.php in STWC-Counter 3.4.0.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the stwc_counter_verzeichniss parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1233", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3379", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3379" - }, - { - "name" : "22723", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22723" - }, - { - "name" : "ADV-2007-0754", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0754" - }, - { - "name" : "33777", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/33777" - }, - { - "name" : "24280", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24280" - }, - { - "name" : "stwccounter-downloadcounter-file-include(32681)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32681" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in downloadcounter.php in STWC-Counter 3.4.0.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the stwc_counter_verzeichniss parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-0754", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0754" + }, + { + "name": "stwccounter-downloadcounter-file-include(32681)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32681" + }, + { + "name": "3379", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3379" + }, + { + "name": "24280", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24280" + }, + { + "name": "22723", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22723" + }, + { + "name": "33777", + "refsource": "OSVDB", + "url": "http://osvdb.org/33777" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5624.json b/2007/5xxx/CVE-2007-5624.json index 0cfbe13bc53..432cae0016a 100644 --- a/2007/5xxx/CVE-2007-5624.json +++ b/2007/5xxx/CVE-2007-5624.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5624", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5624", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=362791", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=362791" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=362801", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=362801" - }, - { - "name" : "http://www.nagios.org/development/changelog.php#2x_branch", - "refsource" : "CONFIRM", - "url" : "http://www.nagios.org/development/changelog.php#2x_branch" - }, - { - "name" : "FEDORA-2007-4123", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00125.html" - }, - { - "name" : "FEDORA-2007-4145", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00161.html" - }, - { - "name" : "MDVSA-2008:067", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:067" - }, - { - "name" : "SUSE-SR:2008:011", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html" - }, - { - "name" : "26152", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26152" - }, - { - "name" : "ADV-2007-3567", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3567" - }, - { - "name" : "27316", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27316" - }, - { - "name" : "27980", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27980" - }, - { - "name" : "nagios-cgi-xss(37350)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/37350" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SR:2008:011", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html" + }, + { + "name": "FEDORA-2007-4145", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00161.html" + }, + { + "name": "MDVSA-2008:067", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:067" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=362791", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=362791" + }, + { + "name": "ADV-2007-3567", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3567" + }, + { + "name": "27980", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27980" + }, + { + "name": "http://www.nagios.org/development/changelog.php#2x_branch", + "refsource": "CONFIRM", + "url": "http://www.nagios.org/development/changelog.php#2x_branch" + }, + { + "name": "nagios-cgi-xss(37350)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37350" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=362801", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=362801" + }, + { + "name": "26152", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26152" + }, + { + "name": "FEDORA-2007-4123", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00125.html" + }, + { + "name": "27316", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27316" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5682.json b/2007/5xxx/CVE-2007-5682.json index 66173cc772c..d52b1b69dde 100644 --- a/2007/5xxx/CVE-2007-5682.json +++ b/2007/5xxx/CVE-2007-5682.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5682", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Incomplete blacklist vulnerability in tiki-graph_formula.php in TikiWiki before 1.9.8.2 allows remote attackers to execute arbitrary code by using variable functions and variable variables to write variables whose names match the whitelist, a different vulnerability than CVE-2007-5423." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5682", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071029 Advisory SE-2007-01: TikiWiki Remote PHP Code Evaluation Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/482908" - }, - { - "name" : "http://www.sektioneins.de/advisories/SE-2007-01.txt", - "refsource" : "MISC", - "url" : "http://www.sektioneins.de/advisories/SE-2007-01.txt" - }, - { - "name" : "http://info.tikiwiki.org/tiki-read_article.php?articleId=15", - "refsource" : "CONFIRM", - "url" : "http://info.tikiwiki.org/tiki-read_article.php?articleId=15" - }, - { - "name" : "26220", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26220" - }, - { - "name" : "43610", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/43610" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incomplete blacklist vulnerability in tiki-graph_formula.php in TikiWiki before 1.9.8.2 allows remote attackers to execute arbitrary code by using variable functions and variable variables to write variables whose names match the whitelist, a different vulnerability than CVE-2007-5423." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.sektioneins.de/advisories/SE-2007-01.txt", + "refsource": "MISC", + "url": "http://www.sektioneins.de/advisories/SE-2007-01.txt" + }, + { + "name": "http://info.tikiwiki.org/tiki-read_article.php?articleId=15", + "refsource": "CONFIRM", + "url": "http://info.tikiwiki.org/tiki-read_article.php?articleId=15" + }, + { + "name": "20071029 Advisory SE-2007-01: TikiWiki Remote PHP Code Evaluation Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/482908" + }, + { + "name": "43610", + "refsource": "OSVDB", + "url": "http://osvdb.org/43610" + }, + { + "name": "26220", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26220" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5863.json b/2007/5xxx/CVE-2007-5863.json index 4418192c30b..2e9a9e263ef 100644 --- a/2007/5xxx/CVE-2007-5863.json +++ b/2007/5xxx/CVE-2007-5863.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5863", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Software Update in Apple Mac OS X 10.5.1 allows remote attackers to execute arbitrary commands via a man-in-the-middle (MITM) attack between the client and the server, using a modified distribution definition file with the \"allow-external-scripts\" option." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5863", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071217 Apple OS X Software Update Remote Command Execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485237/100/0/threaded" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=307179", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=307179" - }, - { - "name" : "APPLE-SA-2007-12-17", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html" - }, - { - "name" : "TA07-352A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-352A.html" - }, - { - "name" : "26908", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26908" - }, - { - "name" : "ADV-2007-4238", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/4238" - }, - { - "name" : "1019106", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1019106" - }, - { - "name" : "28136", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28136" - }, - { - "name" : "macos-software-update-command-execution(39111)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39111" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Software Update in Apple Mac OS X 10.5.1 allows remote attackers to execute arbitrary commands via a man-in-the-middle (MITM) attack between the client and the server, using a modified distribution definition file with the \"allow-external-scripts\" option." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "macos-software-update-command-execution(39111)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39111" + }, + { + "name": "ADV-2007-4238", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/4238" + }, + { + "name": "20071217 Apple OS X Software Update Remote Command Execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485237/100/0/threaded" + }, + { + "name": "TA07-352A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html" + }, + { + "name": "28136", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28136" + }, + { + "name": "1019106", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1019106" + }, + { + "name": "26908", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26908" + }, + { + "name": "APPLE-SA-2007-12-17", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=307179", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=307179" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3127.json b/2015/3xxx/CVE-2015-3127.json index bd5998887da..06b197a88b7 100644 --- a/2015/3xxx/CVE-2015-3127.json +++ b/2015/3xxx/CVE-2015-3127.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3127", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3118, CVE-2015-3124, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4430, and CVE-2015-5117." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-3127", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-16.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-16.html" - }, - { - "name" : "GLSA-201507-13", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201507-13" - }, - { - "name" : "RHSA-2015:1214", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1214.html" - }, - { - "name" : "SUSE-SU-2015:1211", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00017.html" - }, - { - "name" : "SUSE-SU-2015:1214", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00018.html" - }, - { - "name" : "75590", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75590" - }, - { - "name" : "1032810", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032810" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3118, CVE-2015-3124, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4430, and CVE-2015-5117." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032810", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032810" + }, + { + "name": "SUSE-SU-2015:1211", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00017.html" + }, + { + "name": "RHSA-2015:1214", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1214.html" + }, + { + "name": "SUSE-SU-2015:1214", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00018.html" + }, + { + "name": "GLSA-201507-13", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201507-13" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-16.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-16.html" + }, + { + "name": "75590", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75590" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3985.json b/2015/3xxx/CVE-2015-3985.json index 8a029d77917..3609b2d5d7c 100644 --- a/2015/3xxx/CVE-2015-3985.json +++ b/2015/3xxx/CVE-2015-3985.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3985", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-3985", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6605.json b/2015/6xxx/CVE-2015-6605.json index e3e6259aeaa..72b9abf2f99 100644 --- a/2015/6xxx/CVE-2015-6605.json +++ b/2015/6xxx/CVE-2015-6605.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6605", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mediaserver in Android before 5.1.1 LMY48T allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bugs 20915134 and 23142203, a different vulnerability than CVE-2015-7718." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2015-6605", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[android-security-updates] 20151005 Nexus Security Bulletin (October 2015)", - "refsource" : "MLIST", - "url" : "https://groups.google.com/forum/message/raw?msg=android-security-updates/_Rm-lKnS2M8/dGTcilt0CAAJ" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mediaserver in Android before 5.1.1 LMY48T allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bugs 20915134 and 23142203, a different vulnerability than CVE-2015-7718." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[android-security-updates] 20151005 Nexus Security Bulletin (October 2015)", + "refsource": "MLIST", + "url": "https://groups.google.com/forum/message/raw?msg=android-security-updates/_Rm-lKnS2M8/dGTcilt0CAAJ" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6801.json b/2015/6xxx/CVE-2015-6801.json index 2503ac5041b..fedc8de33b1 100644 --- a/2015/6xxx/CVE-2015-6801.json +++ b/2015/6xxx/CVE-2015-6801.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6801", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-6801", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7517.json b/2015/7xxx/CVE-2015-7517.json index 092ba40f3a6..e7ce424aefb 100644 --- a/2015/7xxx/CVE-2015-7517.json +++ b/2015/7xxx/CVE-2015-7517.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7517", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in the Double Opt-In for Download plugin before 2.0.9 for WordPress allow remote attackers to execute arbitrary SQL commands via the ver parameter to (1) class-doifd-download.php or (2) class-doifd-landing-page.php in public/includes/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-7517", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://permalink.gmane.org/gmane.comp.security.oss.general/18255", - "refsource" : "MISC", - "url" : "http://permalink.gmane.org/gmane.comp.security.oss.general/18255" - }, - { - "name" : "http://www.vapidlabs.com/advisory.php?v=157", - "refsource" : "MISC", - "url" : "http://www.vapidlabs.com/advisory.php?v=157" - }, - { - "name" : "https://wpvulndb.com/vulnerabilities/8345", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/8345" - }, - { - "name" : "78220", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/78220" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in the Double Opt-In for Download plugin before 2.0.9 for WordPress allow remote attackers to execute arbitrary SQL commands via the ver parameter to (1) class-doifd-download.php or (2) class-doifd-landing-page.php in public/includes/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "78220", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/78220" + }, + { + "name": "http://permalink.gmane.org/gmane.comp.security.oss.general/18255", + "refsource": "MISC", + "url": "http://permalink.gmane.org/gmane.comp.security.oss.general/18255" + }, + { + "name": "https://wpvulndb.com/vulnerabilities/8345", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/8345" + }, + { + "name": "http://www.vapidlabs.com/advisory.php?v=157", + "refsource": "MISC", + "url": "http://www.vapidlabs.com/advisory.php?v=157" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7530.json b/2015/7xxx/CVE-2015-7530.json index 61e17e36e04..f975bf7cffe 100644 --- a/2015/7xxx/CVE-2015-7530.json +++ b/2015/7xxx/CVE-2015-7530.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7530", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-7530", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7783.json b/2015/7xxx/CVE-2015-7783.json index 451cba7fa18..3a7a041e2a7 100644 --- a/2015/7xxx/CVE-2015-7783.json +++ b/2015/7xxx/CVE-2015-7783.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7783", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Let's PHP! p++BBS before 4.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2015-7783", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://php.s3.to/bbs/bbs2.php", - "refsource" : "CONFIRM", - "url" : "http://php.s3.to/bbs/bbs2.php" - }, - { - "name" : "JVN#72891124", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN72891124/index.html" - }, - { - "name" : "JVNDB-2015-000189", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000189" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Let's PHP! p++BBS before 4.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://php.s3.to/bbs/bbs2.php", + "refsource": "CONFIRM", + "url": "http://php.s3.to/bbs/bbs2.php" + }, + { + "name": "JVNDB-2015-000189", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000189" + }, + { + "name": "JVN#72891124", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN72891124/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7959.json b/2015/7xxx/CVE-2015-7959.json index 94268b07334..02c02dd4392 100644 --- a/2015/7xxx/CVE-2015-7959.json +++ b/2015/7xxx/CVE-2015-7959.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7959", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-7959", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8414.json b/2015/8xxx/CVE-2015-8414.json index df440b42960..d65cc353b6e 100644 --- a/2015/8xxx/CVE-2015-8414.json +++ b/2015/8xxx/CVE-2015-8414.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8414", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-8414", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html" - }, - { - "name" : "GLSA-201601-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201601-03" - }, - { - "name" : "SUSE-SU-2015:2236", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00007.html" - }, - { - "name" : "SUSE-SU-2015:2247", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00012.html" - }, - { - "name" : "openSUSE-SU-2015:2239", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00008.html" - }, - { - "name" : "78715", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/78715" - }, - { - "name" : "1034318", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034318" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2015:2239", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00008.html" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html" + }, + { + "name": "78715", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/78715" + }, + { + "name": "SUSE-SU-2015:2236", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00007.html" + }, + { + "name": "SUSE-SU-2015:2247", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00012.html" + }, + { + "name": "1034318", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034318" + }, + { + "name": "GLSA-201601-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201601-03" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8423.json b/2015/8xxx/CVE-2015-8423.json index 132c9a9108e..83e72f627e3 100644 --- a/2015/8xxx/CVE-2015-8423.json +++ b/2015/8xxx/CVE-2015-8423.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8423", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-8423", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "39047", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/39047/" - }, - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" - }, - { - "name" : "GLSA-201601-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201601-03" - }, - { - "name" : "SUSE-SU-2015:2236", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00007.html" - }, - { - "name" : "SUSE-SU-2015:2247", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00012.html" - }, - { - "name" : "openSUSE-SU-2015:2239", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00008.html" - }, - { - "name" : "78715", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/78715" - }, - { - "name" : "1034318", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034318" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2015:2239", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00008.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html" + }, + { + "name": "78715", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/78715" + }, + { + "name": "SUSE-SU-2015:2236", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00007.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" + }, + { + "name": "39047", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/39047/" + }, + { + "name": "SUSE-SU-2015:2247", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00012.html" + }, + { + "name": "1034318", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034318" + }, + { + "name": "GLSA-201601-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201601-03" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8917.json b/2015/8xxx/CVE-2015-8917.json index 8f129d81b06..6c041016083 100644 --- a/2015/8xxx/CVE-2015-8917.json +++ b/2015/8xxx/CVE-2015-8917.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8917", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid character in the name of a cab file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8917", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160617 Many invalid memory access issues in libarchive", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/06/17/2" - }, - { - "name" : "[oss-security] 20160617 Re: Many invalid memory access issues in libarchive", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/06/17/5" - }, - { - "name" : "https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html", - "refsource" : "MISC", - "url" : "https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html" - }, - { - "name" : "https://github.com/libarchive/libarchive/issues/505", - "refsource" : "CONFIRM", - "url" : "https://github.com/libarchive/libarchive/issues/505" - }, - { - "name" : "https://security-tracker.debian.org/tracker/CVE-2015-8917", - "refsource" : "CONFIRM", - "url" : "https://security-tracker.debian.org/tracker/CVE-2015-8917" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" - }, - { - "name" : "DSA-3657", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3657" - }, - { - "name" : "GLSA-201701-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-03" - }, - { - "name" : "RHSA-2016:1844", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1844.html" - }, - { - "name" : "USN-3033-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3033-1" - }, - { - "name" : "91303", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91303" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid character in the name of a cab file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3033-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3033-1" + }, + { + "name": "RHSA-2016:1844", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1844.html" + }, + { + "name": "https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html", + "refsource": "MISC", + "url": "https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" + }, + { + "name": "https://github.com/libarchive/libarchive/issues/505", + "refsource": "CONFIRM", + "url": "https://github.com/libarchive/libarchive/issues/505" + }, + { + "name": "91303", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91303" + }, + { + "name": "[oss-security] 20160617 Many invalid memory access issues in libarchive", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/06/17/2" + }, + { + "name": "GLSA-201701-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-03" + }, + { + "name": "https://security-tracker.debian.org/tracker/CVE-2015-8917", + "refsource": "CONFIRM", + "url": "https://security-tracker.debian.org/tracker/CVE-2015-8917" + }, + { + "name": "[oss-security] 20160617 Re: Many invalid memory access issues in libarchive", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/06/17/5" + }, + { + "name": "DSA-3657", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3657" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0159.json b/2016/0xxx/CVE-2016-0159.json index 1021a808f19..0109e806ad5 100644 --- a/2016/0xxx/CVE-2016-0159.json +++ b/2016/0xxx/CVE-2016-0159.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0159", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-0159", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-231", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-231" - }, - { - "name" : "MS16-037", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-037" - }, - { - "name" : "1035521", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035521" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1035521", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035521" + }, + { + "name": "MS16-037", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-037" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-231", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-231" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0351.json b/2016/0xxx/CVE-2016-0351.json index 32e28bfa202..b04a6c903ee 100644 --- a/2016/0xxx/CVE-2016-0351.json +++ b/2016/0xxx/CVE-2016-0351.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-0351", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 does not set the secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. IBM X-Force ID: 111890." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-0351", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21989198", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21989198" - }, - { - "name" : "ibm-sim-cve20160351-info-disc(111890)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/111890" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 does not set the secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. IBM X-Force ID: 111890." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21989198", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989198" + }, + { + "name": "ibm-sim-cve20160351-info-disc(111890)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/111890" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0379.json b/2016/0xxx/CVE-2016-0379.json index 00b4de3f859..7c440780d8b 100644 --- a/2016/0xxx/CVE-2016-0379.json +++ b/2016/0xxx/CVE-2016-0379.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-0379", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere MQ 7.5 before 7.5.0.7 and 8.0 before 8.0.0.5 mishandles protocol flows, which allows remote authenticated users to cause a denial of service (channel outage) by leveraging queue-manager rights." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-0379", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21984565", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21984565" - }, - { - "name" : "93146", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93146" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere MQ 7.5 before 7.5.0.7 and 8.0 before 8.0.0.5 mishandles protocol flows, which allows remote authenticated users to cause a denial of service (channel outage) by leveraging queue-manager rights." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21984565", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984565" + }, + { + "name": "93146", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93146" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0585.json b/2016/0xxx/CVE-2016-0585.json index e5ca38af239..40432f75727 100644 --- a/2016/0xxx/CVE-2016-0585.json +++ b/2016/0xxx/CVE-2016-0585.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0585", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect availability via vectors related to ICX Error." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-0585", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" - }, - { - "name" : "1034726", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034726" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect availability via vectors related to ICX Error." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" + }, + { + "name": "1034726", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034726" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0692.json b/2016/0xxx/CVE-2016-0692.json index 5b32afa80d0..c571e96bc3f 100644 --- a/2016/0xxx/CVE-2016-0692.json +++ b/2016/0xxx/CVE-2016-0692.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0692", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the DataStore component in Oracle Berkeley DB 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, 12.1.6.0.35, and 12.1.6.1.26 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-0682, CVE-2016-0689, CVE-2016-0694, and CVE-2016-3418." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-0692", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the DataStore component in Oracle Berkeley DB 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, 12.1.6.0.35, and 12.1.6.1.26 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-0682, CVE-2016-0689, CVE-2016-0694, and CVE-2016-3418." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0798.json b/2016/0xxx/CVE-2016-0798.json index 8da2a509b0b..e7e21a7e2a1 100644 --- a/2016/0xxx/CVE-2016-0798.json +++ b/2016/0xxx/CVE-2016-0798.json @@ -1,177 +1,177 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-0798", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-0798", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://openssl.org/news/secadv/20160301.txt", - "refsource" : "CONFIRM", - "url" : "http://openssl.org/news/secadv/20160301.txt" - }, - { - "name" : "https://git.openssl.org/?p=openssl.git;a=commit;h=259b664f950c2ba66fbf4b0fe5281327904ead21", - "refsource" : "CONFIRM", - "url" : "https://git.openssl.org/?p=openssl.git;a=commit;h=259b664f950c2ba66fbf4b0fe5281327904ead21" - }, - { - "name" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168", - "refsource" : "CONFIRM", - "url" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "https://www.openssl.org/news/secadv/20160301.txt", - "refsource" : "CONFIRM", - "url" : "https://www.openssl.org/news/secadv/20160301.txt" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759" - }, - { - "name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us" - }, - { - "name" : "20160302 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl" - }, - { - "name" : "DSA-3500", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3500" - }, - { - "name" : "FreeBSD-SA-16:12", - "refsource" : "FREEBSD", - "url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc" - }, - { - "name" : "GLSA-201603-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-15" - }, - { - "name" : "SUSE-SU-2016:0617", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html" - }, - { - "name" : "SUSE-SU-2016:0620", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html" - }, - { - "name" : "SUSE-SU-2016:0621", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html" - }, - { - "name" : "openSUSE-SU-2016:0627", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html" - }, - { - "name" : "openSUSE-SU-2016:0628", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html" - }, - { - "name" : "openSUSE-SU-2016:0637", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html" - }, - { - "name" : "openSUSE-SU-2016:0638", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html" - }, - { - "name" : "USN-2914-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2914-1" - }, - { - "name" : "91787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91787" - }, - { - "name" : "83705", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/83705" - }, - { - "name" : "1035133", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035133" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://git.openssl.org/?p=openssl.git;a=commit;h=259b664f950c2ba66fbf4b0fe5281327904ead21", + "refsource": "CONFIRM", + "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=259b664f950c2ba66fbf4b0fe5281327904ead21" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "openSUSE-SU-2016:0638", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html" + }, + { + "name": "FreeBSD-SA-16:12", + "refsource": "FREEBSD", + "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc" + }, + { + "name": "SUSE-SU-2016:0621", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html" + }, + { + "name": "USN-2914-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2914-1" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168", + "refsource": "CONFIRM", + "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168" + }, + { + "name": "http://openssl.org/news/secadv/20160301.txt", + "refsource": "CONFIRM", + "url": "http://openssl.org/news/secadv/20160301.txt" + }, + { + "name": "20160302 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl" + }, + { + "name": "83705", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/83705" + }, + { + "name": "DSA-3500", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3500" + }, + { + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us" + }, + { + "name": "https://www.openssl.org/news/secadv/20160301.txt", + "refsource": "CONFIRM", + "url": "https://www.openssl.org/news/secadv/20160301.txt" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" + }, + { + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" + }, + { + "name": "SUSE-SU-2016:0617", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html" + }, + { + "name": "GLSA-201603-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-15" + }, + { + "name": "openSUSE-SU-2016:0628", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html" + }, + { + "name": "1035133", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035133" + }, + { + "name": "SUSE-SU-2016:0620", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html" + }, + { + "name": "openSUSE-SU-2016:0637", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html" + }, + { + "name": "openSUSE-SU-2016:0627", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759" + } + ] + } +} \ No newline at end of file diff --git a/2016/1000xxx/CVE-2016-1000240.json b/2016/1000xxx/CVE-2016-1000240.json index 49d632a03a3..a70637d2829 100644 --- a/2016/1000xxx/CVE-2016-1000240.json +++ b/2016/1000xxx/CVE-2016-1000240.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1000240", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-1000240", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1232.json b/2016/1xxx/CVE-2016-1232.json index 8fff97ca54e..2b69157302f 100644 --- a/2016/1xxx/CVE-2016-1232.json +++ b/2016/1xxx/CVE-2016-1232.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1232", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mod_dialback module in Prosody before 0.9.9 does not properly generate random values for the secret token for server-to-server dialback authentication, which makes it easier for attackers to spoof servers via a brute force attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2016-1232", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160108 CVE-2016-1231, CVE-2016-1232: Prosody XMPP server multiple vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/01/08/5" - }, - { - "name" : "http://blog.prosody.im/prosody-0-9-9-security-release/", - "refsource" : "CONFIRM", - "url" : "http://blog.prosody.im/prosody-0-9-9-security-release/" - }, - { - "name" : "https://prosody.im/issues/issue/571", - "refsource" : "CONFIRM", - "url" : "https://prosody.im/issues/issue/571" - }, - { - "name" : "https://prosody.im/security/advisory_20160108-2/", - "refsource" : "CONFIRM", - "url" : "https://prosody.im/security/advisory_20160108-2/" - }, - { - "name" : "DSA-3439", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3439" - }, - { - "name" : "FEDORA-2016-38e48069f8", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175829.html" - }, - { - "name" : "FEDORA-2016-e289f41b76", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175868.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mod_dialback module in Prosody before 0.9.9 does not properly generate random values for the secret token for server-to-server dialback authentication, which makes it easier for attackers to spoof servers via a brute force attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://prosody.im/issues/issue/571", + "refsource": "CONFIRM", + "url": "https://prosody.im/issues/issue/571" + }, + { + "name": "FEDORA-2016-e289f41b76", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175868.html" + }, + { + "name": "FEDORA-2016-38e48069f8", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175829.html" + }, + { + "name": "DSA-3439", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3439" + }, + { + "name": "http://blog.prosody.im/prosody-0-9-9-security-release/", + "refsource": "CONFIRM", + "url": "http://blog.prosody.im/prosody-0-9-9-security-release/" + }, + { + "name": "https://prosody.im/security/advisory_20160108-2/", + "refsource": "CONFIRM", + "url": "https://prosody.im/security/advisory_20160108-2/" + }, + { + "name": "[oss-security] 20160108 CVE-2016-1231, CVE-2016-1232: Prosody XMPP server multiple vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/01/08/5" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1243.json b/2016/1xxx/CVE-2016-1243.json index 40b7e69831a..834bf4980e1 100644 --- a/2016/1xxx/CVE-2016-1243.json +++ b/2016/1xxx/CVE-2016-1243.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1243", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the extractTree function in unADF allows remote attackers to execute arbitrary code via a long pathname." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2016-1243", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tmp.tjjr.fi/0001-Fix-unsafe-extraction-by-using-mkdir-instead-of-shel.patch", - "refsource" : "MISC", - "url" : "http://tmp.tjjr.fi/0001-Fix-unsafe-extraction-by-using-mkdir-instead-of-shel.patch" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838248", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838248" - }, - { - "name" : "DSA-3676", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3676" - }, - { - "name" : "GLSA-201804-20", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201804-20" - }, - { - "name" : "93329", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93329" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the extractTree function in unADF allows remote attackers to execute arbitrary code via a long pathname." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201804-20", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201804-20" + }, + { + "name": "http://tmp.tjjr.fi/0001-Fix-unsafe-extraction-by-using-mkdir-instead-of-shel.patch", + "refsource": "MISC", + "url": "http://tmp.tjjr.fi/0001-Fix-unsafe-extraction-by-using-mkdir-instead-of-shel.patch" + }, + { + "name": "93329", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93329" + }, + { + "name": "DSA-3676", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3676" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838248", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838248" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1374.json b/2016/1xxx/CVE-2016-1374.json index 5150dfeec09..fa73a09386d 100644 --- a/2016/1xxx/CVE-2016-1374.json +++ b/2016/1xxx/CVE-2016-1374.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1374", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web framework in Cisco Unified Computing System (UCS) Performance Manager 2.0.0 and earlier allows remote authenticated users to execute arbitrary commands via crafted parameters in a GET request, aka Bug ID CSCuy07827." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-1374", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160720 Cisco Unified Computing System Performance Manager Input Validation Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160720-ucsperf" - }, - { - "name" : "92044", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92044" - }, - { - "name" : "1036410", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036410" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web framework in Cisco Unified Computing System (UCS) Performance Manager 2.0.0 and earlier allows remote authenticated users to execute arbitrary commands via crafted parameters in a GET request, aka Bug ID CSCuy07827." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20160720 Cisco Unified Computing System Performance Manager Input Validation Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160720-ucsperf" + }, + { + "name": "92044", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92044" + }, + { + "name": "1036410", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036410" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1511.json b/2016/1xxx/CVE-2016-1511.json index b93428bd18a..b36c119f062 100644 --- a/2016/1xxx/CVE-2016-1511.json +++ b/2016/1xxx/CVE-2016-1511.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1511", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-1511", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1809.json b/2016/1xxx/CVE-2016-1809.json index 3632cddb895..3e7a159c735 100644 --- a/2016/1xxx/CVE-2016-1809.json +++ b/2016/1xxx/CVE-2016-1809.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1809", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Disk Utility in Apple OS X before 10.11.5 uses incorrect encryption keys for disk images, which has unspecified impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-1809", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT206567", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT206567" - }, - { - "name" : "APPLE-SA-2016-05-16-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/May/msg00004.html" - }, - { - "name" : "1035895", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035895" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Disk Utility in Apple OS X before 10.11.5 uses incorrect encryption keys for disk images, which has unspecified impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT206567", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT206567" + }, + { + "name": "APPLE-SA-2016-05-16-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00004.html" + }, + { + "name": "1035895", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035895" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4071.json b/2016/4xxx/CVE-2016-4071.json index a684ac3a59a..52deca8529c 100644 --- a/2016/4xxx/CVE-2016-4071.json +++ b/2016/4xxx/CVE-2016-4071.json @@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4071", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the php_snmp_error function in ext/snmp/snmp.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via format string specifiers in an SNMP::get call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-4071", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "39645", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/39645/" - }, - { - "name" : "[oss-security] 20160423 Re: CVE request: PHP issues fixed in 7.0.5, 5.6.20 and 5.5.34 releases", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/04/24/1" - }, - { - "name" : "http://www.php.net/ChangeLog-5.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-5.php" - }, - { - "name" : "http://www.php.net/ChangeLog-7.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-7.php" - }, - { - "name" : "https://bugs.php.net/bug.php?id=71704", - "refsource" : "CONFIRM", - "url" : "https://bugs.php.net/bug.php?id=71704" - }, - { - "name" : "https://git.php.net/?p=php-src.git;a=commit;h=6e25966544fb1d2f3d7596e060ce9c9269bbdcf8", - "refsource" : "CONFIRM", - "url" : "https://git.php.net/?p=php-src.git;a=commit;h=6e25966544fb1d2f3d7596e060ce9c9269bbdcf8" - }, - { - "name" : "https://support.apple.com/HT206567", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT206567" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" - }, - { - "name" : "APPLE-SA-2016-05-16-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/May/msg00004.html" - }, - { - "name" : "DSA-3560", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3560" - }, - { - "name" : "GLSA-201611-22", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201611-22" - }, - { - "name" : "RHSA-2016:2750", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2750.html" - }, - { - "name" : "SUSE-SU-2016:1277", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00033.html" - }, - { - "name" : "openSUSE-SU-2016:1274", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00031.html" - }, - { - "name" : "openSUSE-SU-2016:1373", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00056.html" - }, - { - "name" : "USN-2952-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2952-1" - }, - { - "name" : "USN-2952-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2952-2" - }, - { - "name" : "85800", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/85800" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in the php_snmp_error function in ext/snmp/snmp.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via format string specifiers in an SNMP::get call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2952-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2952-1" + }, + { + "name": "https://git.php.net/?p=php-src.git;a=commit;h=6e25966544fb1d2f3d7596e060ce9c9269bbdcf8", + "refsource": "CONFIRM", + "url": "https://git.php.net/?p=php-src.git;a=commit;h=6e25966544fb1d2f3d7596e060ce9c9269bbdcf8" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149" + }, + { + "name": "http://www.php.net/ChangeLog-7.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-7.php" + }, + { + "name": "GLSA-201611-22", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201611-22" + }, + { + "name": "https://support.apple.com/HT206567", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT206567" + }, + { + "name": "https://bugs.php.net/bug.php?id=71704", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=71704" + }, + { + "name": "RHSA-2016:2750", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html" + }, + { + "name": "DSA-3560", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3560" + }, + { + "name": "USN-2952-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2952-2" + }, + { + "name": "APPLE-SA-2016-05-16-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00004.html" + }, + { + "name": "39645", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/39645/" + }, + { + "name": "http://www.php.net/ChangeLog-5.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-5.php" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731" + }, + { + "name": "85800", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/85800" + }, + { + "name": "openSUSE-SU-2016:1274", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00031.html" + }, + { + "name": "SUSE-SU-2016:1277", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00033.html" + }, + { + "name": "[oss-security] 20160423 Re: CVE request: PHP issues fixed in 7.0.5, 5.6.20 and 5.5.34 releases", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/04/24/1" + }, + { + "name": "openSUSE-SU-2016:1373", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00056.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5052.json b/2016/5xxx/CVE-2016-5052.json index cc078783a6c..3f0ac26b0dc 100644 --- a/2016/5xxx/CVE-2016-5052.json +++ b/2016/5xxx/CVE-2016-5052.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2016-5052", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "OSRAM SYLVANIA Osram Lightify Home through 2016-07-26", - "version" : { - "version_data" : [ - { - "version_value" : "OSRAM SYLVANIA Osram Lightify Home through 2016-07-26" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 does not use SSL pinning." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Lack of SSL Pinning" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-5052", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "OSRAM SYLVANIA Osram Lightify Home through 2016-07-26", + "version": { + "version_data": [ + { + "version_value": "OSRAM SYLVANIA Osram Lightify Home through 2016-07-26" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059", - "refsource" : "MISC", - "url" : "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 does not use SSL pinning." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Lack of SSL Pinning" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059", + "refsource": "MISC", + "url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5157.json b/2016/5xxx/CVE-2016-5157.json index 1db30d0ef9f..e49893dc1d4 100644 --- a/2016/5xxx/CVE-2016-5157.json +++ b/2016/5xxx/CVE-2016-5157.json @@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5157", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to execute arbitrary code via crafted coordinate values in JPEG 2000 data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2016-5157", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160908 Re: CVE Request: OpenJPEG Heap Buffer Overflow Issue", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/09/08/5" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1374337", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1374337" - }, - { - "name" : "https://crbug.com/632622", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/632622" - }, - { - "name" : "https://github.com/uclouvain/openjpeg/commit/e078172b1c3f98d2219c37076b238fb759c751ea", - "refsource" : "CONFIRM", - "url" : "https://github.com/uclouvain/openjpeg/commit/e078172b1c3f98d2219c37076b238fb759c751ea" - }, - { - "name" : "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html", - "refsource" : "CONFIRM", - "url" : "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html" - }, - { - "name" : "https://pdfium.googlesource.com/pdfium/+/b6befb2ed2485a3805cddea86dc7574510178ea9", - "refsource" : "CONFIRM", - "url" : "https://pdfium.googlesource.com/pdfium/+/b6befb2ed2485a3805cddea86dc7574510178ea9" - }, - { - "name" : "DSA-3660", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3660" - }, - { - "name" : "DSA-4013", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-4013" - }, - { - "name" : "FEDORA-2016-231f53426b", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQ2IIIQSJ3J4MONBOGCG6XHLKKJX2HKM/" - }, - { - "name" : "FEDORA-2016-27d3b7742f", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YGKSEWWWED77Q5ZHK4OA2EKSJXLRU3MK/" - }, - { - "name" : "FEDORA-2016-2eac99579c", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4IRSGYMBSHCBZP23CUDIRJ3LBKH6ZJ7/" - }, - { - "name" : "FEDORA-2016-8ed6b7bb5e", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2T6IQAMS4W65MGP7UW5FPE22PXELTK5D/" - }, - { - "name" : "FEDORA-2016-adb346980c", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JYLOX7PZS3ZUHQ6RGI3M6H27B7I5ZZ26/" - }, - { - "name" : "FEDORA-2016-dc53ceffc2", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66BWMMMWXH32J5AOGLAJGZA3GH5LZHXH/" - }, - { - "name" : "GLSA-201610-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201610-09" - }, - { - "name" : "RHSA-2016:1854", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1854.html" - }, - { - "name" : "openSUSE-SU-2016:2349", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-09/msg00073.html" - }, - { - "name" : "SUSE-SU-2016:2251", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00004.html" - }, - { - "name" : "openSUSE-SU-2016:2250", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html" - }, - { - "name" : "openSUSE-SU-2016:2296", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00008.html" - }, - { - "name" : "92717", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92717" - }, - { - "name" : "1036729", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036729" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to execute arbitrary code via crafted coordinate values in JPEG 2000 data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2016:2250", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html" + }, + { + "name": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html", + "refsource": "CONFIRM", + "url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html" + }, + { + "name": "https://github.com/uclouvain/openjpeg/commit/e078172b1c3f98d2219c37076b238fb759c751ea", + "refsource": "CONFIRM", + "url": "https://github.com/uclouvain/openjpeg/commit/e078172b1c3f98d2219c37076b238fb759c751ea" + }, + { + "name": "SUSE-SU-2016:2251", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00004.html" + }, + { + "name": "92717", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92717" + }, + { + "name": "1036729", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036729" + }, + { + "name": "FEDORA-2016-231f53426b", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQ2IIIQSJ3J4MONBOGCG6XHLKKJX2HKM/" + }, + { + "name": "FEDORA-2016-8ed6b7bb5e", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2T6IQAMS4W65MGP7UW5FPE22PXELTK5D/" + }, + { + "name": "[oss-security] 20160908 Re: CVE Request: OpenJPEG Heap Buffer Overflow Issue", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/09/08/5" + }, + { + "name": "https://pdfium.googlesource.com/pdfium/+/b6befb2ed2485a3805cddea86dc7574510178ea9", + "refsource": "CONFIRM", + "url": "https://pdfium.googlesource.com/pdfium/+/b6befb2ed2485a3805cddea86dc7574510178ea9" + }, + { + "name": "DSA-4013", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-4013" + }, + { + "name": "openSUSE-SU-2016:2349", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00073.html" + }, + { + "name": "DSA-3660", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3660" + }, + { + "name": "https://crbug.com/632622", + "refsource": "CONFIRM", + "url": "https://crbug.com/632622" + }, + { + "name": "FEDORA-2016-dc53ceffc2", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66BWMMMWXH32J5AOGLAJGZA3GH5LZHXH/" + }, + { + "name": "GLSA-201610-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201610-09" + }, + { + "name": "openSUSE-SU-2016:2296", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00008.html" + }, + { + "name": "RHSA-2016:1854", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1854.html" + }, + { + "name": "FEDORA-2016-2eac99579c", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4IRSGYMBSHCBZP23CUDIRJ3LBKH6ZJ7/" + }, + { + "name": "FEDORA-2016-27d3b7742f", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YGKSEWWWED77Q5ZHK4OA2EKSJXLRU3MK/" + }, + { + "name": "FEDORA-2016-adb346980c", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JYLOX7PZS3ZUHQ6RGI3M6H27B7I5ZZ26/" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1374337", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1374337" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5162.json b/2016/5xxx/CVE-2016-5162.json index c1a5307b929..56a8e71ec51 100644 --- a/2016/5xxx/CVE-2016-5162.json +++ b/2016/5xxx/CVE-2016-5162.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5162", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks, and trick users into changing extension settings, via a crafted web site, a different vulnerability than CVE-2016-5160." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2016-5162", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://codereview.chromium.org/2007133004", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/2007133004" - }, - { - "name" : "https://crbug.com/589237", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/589237" - }, - { - "name" : "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html", - "refsource" : "CONFIRM", - "url" : "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html" - }, - { - "name" : "DSA-3660", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3660" - }, - { - "name" : "GLSA-201610-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201610-09" - }, - { - "name" : "RHSA-2016:1854", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1854.html" - }, - { - "name" : "openSUSE-SU-2016:2349", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-09/msg00073.html" - }, - { - "name" : "SUSE-SU-2016:2251", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00004.html" - }, - { - "name" : "openSUSE-SU-2016:2250", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html" - }, - { - "name" : "openSUSE-SU-2016:2296", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00008.html" - }, - { - "name" : "92717", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92717" - }, - { - "name" : "1036729", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036729" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks, and trick users into changing extension settings, via a crafted web site, a different vulnerability than CVE-2016-5160." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2016:2250", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html" + }, + { + "name": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html", + "refsource": "CONFIRM", + "url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html" + }, + { + "name": "SUSE-SU-2016:2251", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00004.html" + }, + { + "name": "92717", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92717" + }, + { + "name": "1036729", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036729" + }, + { + "name": "openSUSE-SU-2016:2349", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00073.html" + }, + { + "name": "https://crbug.com/589237", + "refsource": "CONFIRM", + "url": "https://crbug.com/589237" + }, + { + "name": "https://codereview.chromium.org/2007133004", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/2007133004" + }, + { + "name": "DSA-3660", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3660" + }, + { + "name": "GLSA-201610-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201610-09" + }, + { + "name": "openSUSE-SU-2016:2296", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00008.html" + }, + { + "name": "RHSA-2016:1854", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1854.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5203.json b/2016/5xxx/CVE-2016-5203.json index 54fb8184b82..96eff01b383 100644 --- a/2016/5xxx/CVE-2016-5203.json +++ b/2016/5xxx/CVE-2016-5203.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-5203", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android", - "version" : { - "version_data" : [ - { - "version_value" : "Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "use after free" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2016-5203", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android", + "version": { + "version_data": [ + { + "version_value": "Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html" - }, - { - "name" : "https://crbug.com/644219", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/644219" - }, - { - "name" : "GLSA-201612-11", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201612-11" - }, - { - "name" : "RHSA-2016:2919", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2919.html" - }, - { - "name" : "94633", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94633" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "use after free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2016:2919", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2919.html" + }, + { + "name": "94633", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94633" + }, + { + "name": "https://crbug.com/644219", + "refsource": "CONFIRM", + "url": "https://crbug.com/644219" + }, + { + "name": "https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html" + }, + { + "name": "GLSA-201612-11", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201612-11" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5578.json b/2016/5xxx/CVE-2016-5578.json index 6b10d6d2d31..fe3fbf4905c 100644 --- a/2016/5xxx/CVE-2016-5578.json +++ b/2016/5xxx/CVE-2016-5578.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5578", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-5558, CVE-2016-5574, CVE-2016-5577, CVE-2016-5579, and CVE-2016-5588." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-5578", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" - }, - { - "name" : "93714", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93714" - }, - { - "name" : "1037051", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037051" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-5558, CVE-2016-5574, CVE-2016-5577, CVE-2016-5579, and CVE-2016-5588." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" + }, + { + "name": "1037051", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037051" + }, + { + "name": "93714", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93714" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5762.json b/2016/5xxx/CVE-2016-5762.json index f8899f2f612..a73e990bcb8 100644 --- a/2016/5xxx/CVE-2016-5762.json +++ b/2016/5xxx/CVE-2016-5762.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5762", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the Post Office Agent in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 might allow remote attackers to execute arbitrary code via a long (1) username or (2) password, which triggers a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "ID": "CVE-2016-5762", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/539296/100/0/threaded" - }, - { - "name" : "20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2016/Aug/123" - }, - { - "name" : "http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html" - }, - { - "name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt", - "refsource" : "MISC", - "url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt" - }, - { - "name" : "https://www.novell.com/support/kb/doc.php?id=7017975", - "refsource" : "CONFIRM", - "url" : "https://www.novell.com/support/kb/doc.php?id=7017975" - }, - { - "name" : "92642", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92642" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the Post Office Agent in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 might allow remote attackers to execute arbitrary code via a long (1) username or (2) password, which triggers a heap-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "92642", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92642" + }, + { + "name": "https://www.novell.com/support/kb/doc.php?id=7017975", + "refsource": "CONFIRM", + "url": "https://www.novell.com/support/kb/doc.php?id=7017975" + }, + { + "name": "http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html" + }, + { + "name": "20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/539296/100/0/threaded" + }, + { + "name": "20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2016/Aug/123" + }, + { + "name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt", + "refsource": "MISC", + "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt" + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0193.json b/2019/0xxx/CVE-2019-0193.json index 088e47f2325..86154ff380b 100644 --- a/2019/0xxx/CVE-2019-0193.json +++ b/2019/0xxx/CVE-2019-0193.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0193", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0193", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0558.json b/2019/0xxx/CVE-2019-0558.json index 931ca0e6bb1..1c3a5eb23a0 100644 --- a/2019/0xxx/CVE-2019-0558.json +++ b/2019/0xxx/CVE-2019-0558.json @@ -1,90 +1,90 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2019-0558", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft SharePoint Server", - "version" : { - "version_data" : [ - { - "version_value" : "2019" - } - ] - } - }, - { - "product_name" : "Microsoft SharePoint", - "version" : { - "version_data" : [ - { - "version_value" : "Enterprise Server 2013 Service Pack 1" - }, - { - "version_value" : "Enterprise Server 2016" - } - ] - } - }, - { - "product_name" : "Microsoft Business Productivity Servers", - "version" : { - "version_data" : [ - { - "version_value" : "2010 Service Pack 2" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft Office SharePoint XSS Vulnerability.\" This affects Microsoft SharePoint Server, Microsoft SharePoint, Microsoft Business Productivity Servers. This CVE ID is unique from CVE-2019-0556, CVE-2019-0557." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Spoofing" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2019-0558", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft SharePoint Server", + "version": { + "version_data": [ + { + "version_value": "2019" + } + ] + } + }, + { + "product_name": "Microsoft SharePoint", + "version": { + "version_data": [ + { + "version_value": "Enterprise Server 2013 Service Pack 1" + }, + { + "version_value": "Enterprise Server 2016" + } + ] + } + }, + { + "product_name": "Microsoft Business Productivity Servers", + "version": { + "version_data": [ + { + "version_value": "2010 Service Pack 2" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0558", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0558" - }, - { - "name" : "106389", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106389" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft Office SharePoint XSS Vulnerability.\" This affects Microsoft SharePoint Server, Microsoft SharePoint, Microsoft Business Productivity Servers. This CVE ID is unique from CVE-2019-0556, CVE-2019-0557." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Spoofing" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0558", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0558" + }, + { + "name": "106389", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106389" + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0587.json b/2019/0xxx/CVE-2019-0587.json index 79d7bc7e386..ce6a70438a0 100644 --- a/2019/0xxx/CVE-2019-0587.json +++ b/2019/0xxx/CVE-2019-0587.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0587", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0587", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0662.json b/2019/0xxx/CVE-2019-0662.json index 1e909b5d9d4..8c76a5c9a8e 100644 --- a/2019/0xxx/CVE-2019-0662.json +++ b/2019/0xxx/CVE-2019-0662.json @@ -1,185 +1,185 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2019-0662", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows", - "version" : { - "version_data" : [ - { - "version_value" : "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value" : "7 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "8.1 for 32-bit systems" - }, - { - "version_value" : "8.1 for x64-based systems" - }, - { - "version_value" : "RT 8.1" - }, - { - "version_value" : "10 for 32-bit Systems" - }, - { - "version_value" : "10 for x64-based Systems" - }, - { - "version_value" : "10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "10 Version 1803 for x64-based Systems" - }, - { - "version_value" : "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value" : "10 Version 1809 for 32-bit Systems" - }, - { - "version_value" : "10 Version 1809 for x64-based Systems" - }, - { - "version_value" : "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value" : "10 Version 1709 for ARM64-based Systems" - } - ] - } - }, - { - "product_name" : "Windows Server", - "version" : { - "version_data" : [ - { - "version_value" : "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value" : "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value" : "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value" : "2012" - }, - { - "version_value" : "2012 (Core installation)" - }, - { - "version_value" : "2012 R2" - }, - { - "version_value" : "2012 R2 (Core installation)" - }, - { - "version_value" : "2016" - }, - { - "version_value" : "2016 (Core installation)" - }, - { - "version_value" : "version 1709 (Core Installation)" - }, - { - "version_value" : "version 1803 (Core Installation)" - }, - { - "version_value" : "2019" - }, - { - "version_value" : "2019 (Core installation)" - }, - { - "version_value" : "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value" : "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value" : "2008 for x64-based Systems Service Pack 2" - }, - { - "version_value" : "2008 for x64-based Systems Service Pack 2 (Core installation)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0618." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2019-0662", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "10 Version 1703 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "version 1709 (Core Installation)" + }, + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0662", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0662" - }, - { - "name" : "106888", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106888" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0618." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0662", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0662" + }, + { + "name": "106888", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106888" + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0823.json b/2019/0xxx/CVE-2019-0823.json index cd8a7d0e63f..d9ad820db4d 100644 --- a/2019/0xxx/CVE-2019-0823.json +++ b/2019/0xxx/CVE-2019-0823.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0823", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0823", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1012.json b/2019/1xxx/CVE-2019-1012.json index 19927c46394..498527c7766 100644 --- a/2019/1xxx/CVE-2019-1012.json +++ b/2019/1xxx/CVE-2019-1012.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1012", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1012", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1102.json b/2019/1xxx/CVE-2019-1102.json index 1af76ace504..53bec1b5a19 100644 --- a/2019/1xxx/CVE-2019-1102.json +++ b/2019/1xxx/CVE-2019-1102.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1102", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1102", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1702.json b/2019/1xxx/CVE-2019-1702.json index 742a757b8cc..6c1612fb2d7 100644 --- a/2019/1xxx/CVE-2019-1702.json +++ b/2019/1xxx/CVE-2019-1702.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2019-03-06T16:00:00-0800", - "ID" : "CVE-2019-1702", - "STATE" : "PUBLIC", - "TITLE" : "Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerabilities" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Enterprise Chat and Email", - "version" : { - "version_data" : [ - { - "version_value" : "11.6(1)" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple vulnerabilities in the web-based management interface of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit these vulnerabilities either by injecting malicious code in a chat window or by sending a crafted link to a user of the interface. In both cases, the attacker must persuade the user to click the crafted link or open the chat window that contains the attacker's code. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Version 11.6(1) is affected." - } - ] - }, - "exploit" : [ - { - "lang" : "eng", - "value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory. " - } - ], - "impact" : { - "cvss" : { - "baseScore" : "6.1", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N ", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2019-03-06T16:00:00-0800", + "ID": "CVE-2019-1702", + "STATE": "PUBLIC", + "TITLE": "Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerabilities" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Enterprise Chat and Email", + "version": { + "version_data": [ + { + "version_value": "11.6(1)" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20190306 Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerabilities", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-chatmail-xss" - }, - { - "name" : "107314", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/107314" - } - ] - }, - "source" : { - "advisory" : "cisco-sa-20190306-chatmail-xss", - "defect" : [ - [ - "CSCvn77926", - "CSCvn77927" - ] - ], - "discovery" : "INTERNAL" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple vulnerabilities in the web-based management interface of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit these vulnerabilities either by injecting malicious code in a chat window or by sending a crafted link to a user of the interface. In both cases, the attacker must persuade the user to click the crafted link or open the chat window that contains the attacker's code. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Version 11.6(1) is affected." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "6.1", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "107314", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/107314" + }, + { + "name": "20190306 Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerabilities", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-chatmail-xss" + } + ] + }, + "source": { + "advisory": "cisco-sa-20190306-chatmail-xss", + "defect": [ + [ + "CSCvn77926", + "CSCvn77927" + ] + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1720.json b/2019/1xxx/CVE-2019-1720.json index b69c6ee405c..c6fa3f36294 100644 --- a/2019/1xxx/CVE-2019-1720.json +++ b/2019/1xxx/CVE-2019-1720.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1720", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1720", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3986.json b/2019/3xxx/CVE-2019-3986.json index a2487e4949e..dab3c310e87 100644 --- a/2019/3xxx/CVE-2019-3986.json +++ b/2019/3xxx/CVE-2019-3986.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3986", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3986", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4052.json b/2019/4xxx/CVE-2019-4052.json index 4fc94150f2d..6ee07e466e3 100644 --- a/2019/4xxx/CVE-2019-4052.json +++ b/2019/4xxx/CVE-2019-4052.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4052", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4052", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4133.json b/2019/4xxx/CVE-2019-4133.json index 28d1727c122..7c1e17c94db 100644 --- a/2019/4xxx/CVE-2019-4133.json +++ b/2019/4xxx/CVE-2019-4133.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4133", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4133", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4139.json b/2019/4xxx/CVE-2019-4139.json index 50e07bc2681..71841cf8230 100644 --- a/2019/4xxx/CVE-2019-4139.json +++ b/2019/4xxx/CVE-2019-4139.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4139", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4139", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4799.json b/2019/4xxx/CVE-2019-4799.json index 1853dedd666..13b30e46e94 100644 --- a/2019/4xxx/CVE-2019-4799.json +++ b/2019/4xxx/CVE-2019-4799.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4799", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4799", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5283.json b/2019/5xxx/CVE-2019-5283.json index 9cf57ac1664..ef76f4e4728 100644 --- a/2019/5xxx/CVE-2019-5283.json +++ b/2019/5xxx/CVE-2019-5283.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5283", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5283", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8034.json b/2019/8xxx/CVE-2019-8034.json index e096c1089a6..48defccd493 100644 --- a/2019/8xxx/CVE-2019-8034.json +++ b/2019/8xxx/CVE-2019-8034.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8034", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8034", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8056.json b/2019/8xxx/CVE-2019-8056.json index e4257b21f13..228d638c0ba 100644 --- a/2019/8xxx/CVE-2019-8056.json +++ b/2019/8xxx/CVE-2019-8056.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8056", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8056", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8394.json b/2019/8xxx/CVE-2019-8394.json index 6e9c34cb238..615486517db 100644 --- a/2019/8xxx/CVE-2019-8394.json +++ b/2019/8xxx/CVE-2019-8394.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8394", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8394", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "46413", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/46413/" - }, - { - "name" : "https://www.manageengine.com/products/service-desk/readme.html", - "refsource" : "CONFIRM", - "url" : "https://www.manageengine.com/products/service-desk/readme.html" - }, - { - "name" : "107129", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/107129" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "46413", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/46413/" + }, + { + "name": "107129", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/107129" + }, + { + "name": "https://www.manageengine.com/products/service-desk/readme.html", + "refsource": "CONFIRM", + "url": "https://www.manageengine.com/products/service-desk/readme.html" + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8482.json b/2019/8xxx/CVE-2019-8482.json index 9c2b67a2f91..b067b8db42e 100644 --- a/2019/8xxx/CVE-2019-8482.json +++ b/2019/8xxx/CVE-2019-8482.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8482", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8482", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9491.json b/2019/9xxx/CVE-2019-9491.json index 500421fbdaa..a118d4b8617 100644 --- a/2019/9xxx/CVE-2019-9491.json +++ b/2019/9xxx/CVE-2019-9491.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9491", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9491", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9543.json b/2019/9xxx/CVE-2019-9543.json index 5006e889078..2dca2aa9077 100644 --- a/2019/9xxx/CVE-2019-9543.json +++ b/2019/9xxx/CVE-2019-9543.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9543", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readGenericBitmap() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfseparate binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JArithmeticDecoder::decodeBit." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9543", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gitlab.freedesktop.org/poppler/poppler/issues/730", - "refsource" : "MISC", - "url" : "https://gitlab.freedesktop.org/poppler/poppler/issues/730" - }, - { - "name" : "https://research.loginsoft.com/bugs/recursive-function-call-in-function-jbig2streamreadgenericbitmap-poppler-0-74-0/", - "refsource" : "MISC", - "url" : "https://research.loginsoft.com/bugs/recursive-function-call-in-function-jbig2streamreadgenericbitmap-poppler-0-74-0/" - }, - { - "name" : "107238", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/107238" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readGenericBitmap() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfseparate binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JArithmeticDecoder::decodeBit." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://research.loginsoft.com/bugs/recursive-function-call-in-function-jbig2streamreadgenericbitmap-poppler-0-74-0/", + "refsource": "MISC", + "url": "https://research.loginsoft.com/bugs/recursive-function-call-in-function-jbig2streamreadgenericbitmap-poppler-0-74-0/" + }, + { + "name": "107238", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/107238" + }, + { + "name": "https://gitlab.freedesktop.org/poppler/poppler/issues/730", + "refsource": "MISC", + "url": "https://gitlab.freedesktop.org/poppler/poppler/issues/730" + } + ] + } +} \ No newline at end of file