diff --git a/2007/2xxx/CVE-2007-2755.json b/2007/2xxx/CVE-2007-2755.json index b64df566cd9..bc238a8008b 100644 --- a/2007/2xxx/CVE-2007-2755.json +++ b/2007/2xxx/CVE-2007-2755.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2755", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PrecisionID Barcode 1.9 ActiveX control in PrecisionID_Barcode.dll, when Internet Explorer 6 is used, allows remote attackers to overwrite arbitrary files via a full pathname to the SaveToFile function, a different vulnerability than CVE-2007-2744." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2755", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3938", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3938" - }, - { - "name" : "http://moaxb.blogspot.com/2007/05/moaxb-16-bonus-ie-6-precisionid-barcode.html", - "refsource" : "MISC", - "url" : "http://moaxb.blogspot.com/2007/05/moaxb-16-bonus-ie-6-precisionid-barcode.html" - }, - { - "name" : "http://www.shinnai.altervista.org/viewtopic.php?id=42&t_id=18", - "refsource" : "MISC", - "url" : "http://www.shinnai.altervista.org/viewtopic.php?id=42&t_id=18" - }, - { - "name" : "24014", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24014" - }, - { - "name" : "37957", - "refsource" : "OSVDB", - "url" : 
"http://osvdb.org/37957" - }, - { - "name" : "precisionid-precisionid-file-overwrite(34337)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34337" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PrecisionID Barcode 1.9 ActiveX control in PrecisionID_Barcode.dll, when Internet Explorer 6 is used, allows remote attackers to overwrite arbitrary files via a full pathname to the SaveToFile function, a different vulnerability than CVE-2007-2744." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://moaxb.blogspot.com/2007/05/moaxb-16-bonus-ie-6-precisionid-barcode.html", + "refsource": "MISC", + "url": "http://moaxb.blogspot.com/2007/05/moaxb-16-bonus-ie-6-precisionid-barcode.html" + }, + { + "name": "37957", + "refsource": "OSVDB", + "url": "http://osvdb.org/37957" + }, + { + "name": "24014", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24014" + }, + { + "name": "precisionid-precisionid-file-overwrite(34337)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34337" + }, + { + "name": "3938", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3938" + }, + { + "name": "http://www.shinnai.altervista.org/viewtopic.php?id=42&t_id=18", + "refsource": "MISC", + "url": "http://www.shinnai.altervista.org/viewtopic.php?id=42&t_id=18" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2791.json b/2007/2xxx/CVE-2007-2791.json index e5f4c97e332..8efe20938f5 100644 --- a/2007/2xxx/CVE-2007-2791.json +++ b/2007/2xxx/CVE-2007-2791.json 
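Review bot: The new side of this hunk is not a whitespace-only change. It ends with `\ No newline at end of file`, and the `reference_data` array is re-emitted in a different order (the EXPLOIT-DB `3938` entry moves from first to fifth), although every key and value appears to be carried over unchanged. For a vulnerability feed that consumers diff, mirror or hash, the serializer should write a trailing newline and a stable reference order, for example sorted by `refsource` then `name`, so a formatting pass can be verified as content-neutral. The same applies to the other CVE-2007-* hunks visible in this commit.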
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2791", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Secure Shell (SSH) in HP Tru64 UNIX 5.1B-4 and 5.1B-3 allows remote attackers to identify valid users via unspecified vectors, probably related to timing attacks and AuthInteractiveFailureRandomTimeout." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2791", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBTU02209", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01007552" - }, - { - "name" : "SSRT071323", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01007552" - }, - { - "name" : "24021", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24021" - }, - { - "name" : "36204", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36204" - }, - { - "name" : "ADV-2007-1851", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1851" - }, - { - "name" : "1018065", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id?1018065" - }, - { - "name" : "24036", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24036" - }, - { - "name" : "hp-ssh-information-disclosure(34329)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34329" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Secure Shell (SSH) in HP Tru64 UNIX 5.1B-4 and 5.1B-3 allows remote attackers to identify valid users via unspecified vectors, probably related to timing attacks and AuthInteractiveFailureRandomTimeout." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-1851", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1851" + }, + { + "name": "1018065", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018065" + }, + { + "name": "24036", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24036" + }, + { + "name": "hp-ssh-information-disclosure(34329)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34329" + }, + { + "name": "SSRT071323", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01007552" + }, + { + "name": "24021", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24021" + }, + { + "name": "HPSBTU02209", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01007552" + }, + { + "name": "36204", + "refsource": "OSVDB", + "url": "http://osvdb.org/36204" + } + ] + } +} \ No newline at end of file 
diff --git a/2007/3xxx/CVE-2007-3003.json b/2007/3xxx/CVE-2007-3003.json index 1aae6a33f42..61d419a8d62 100644 --- a/2007/3xxx/CVE-2007-3003.json +++ b/2007/3xxx/CVE-2007-3003.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3003", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in myBloggie 2.1.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat_id or (2) year parameter to index.php in a viewuser action, different vectors than CVE-2005-1500 and CVE-2005-4225." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3003", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070531 MyBloggie 2.1.6 SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/470112/100/0/threaded" - }, - { - "name" : "24249", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24249" - }, - { - "name" : "38345", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38345" - }, - { - "name" : "2769", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2769" - }, - { - "name" : "mybloggie-catidyear-sql-injection(34627)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34627" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in myBloggie 2.1.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat_id or (2) year parameter to index.php in a viewuser action, different vectors than CVE-2005-1500 and CVE-2005-4225." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mybloggie-catidyear-sql-injection(34627)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34627" + }, + { + "name": "2769", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2769" + }, + { + "name": "20070531 MyBloggie 2.1.6 SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/470112/100/0/threaded" + }, + { + "name": "24249", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24249" + }, + { + "name": "38345", + "refsource": "OSVDB", + "url": "http://osvdb.org/38345" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3292.json b/2007/3xxx/CVE-2007-3292.json index ac7a17babe2..9d91f766725 100644 --- a/2007/3xxx/CVE-2007-3292.json +++ b/2007/3xxx/CVE-2007-3292.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3292", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in LiveCMS 3.4 and earlier allows remote attackers to upload and execute arbitrary PHP code by specifying a PHP file type in a parameter intended for \"a small image\" associated with an article." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3292", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4082", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4082" - }, - { - "name" : "24580", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24580" - }, - { - "name" : "37492", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37492" - }, - { - "name" : "livecms-articleimage-file-upload(35149)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35149" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in LiveCMS 3.4 and earlier allows remote 
attackers to upload and execute arbitrary PHP code by specifying a PHP file type in a parameter intended for \"a small image\" associated with an article." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24580", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24580" + }, + { + "name": "4082", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4082" + }, + { + "name": "livecms-articleimage-file-upload(35149)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35149" + }, + { + "name": "37492", + "refsource": "OSVDB", + "url": "http://osvdb.org/37492" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3344.json b/2007/3xxx/CVE-2007-3344.json index e94049eb242..e9d5c0db814 100644 --- a/2007/3xxx/CVE-2007-3344.json +++ b/2007/3xxx/CVE-2007-3344.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3344", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in netjukebox 4.01b allow remote attackers to inject arbitrary web script or HTML via the (1) album_id, (2) order, (3) sort, (4) filter, and (5) genre_id parameters to (a) index.php; and the (6) url parameter to (b) ridirect.php. NOTE: the attack also reveals the installation path." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3344", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels-team.blogspot.com/2007/06/netjukebox-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels-team.blogspot.com/2007/06/netjukebox-vuln.html" - }, - { - "name" : "http://www.netjukebox.nl/changelog.php", - "refsource" : "CONFIRM", - "url" : "http://www.netjukebox.nl/changelog.php" - }, - { - "name" : "24577", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24577" - }, - { - "name" : "ADV-2007-2292", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2292" - }, - { - "name" : "36892", - "refsource" : "OSVDB", - "url" : 
"http://osvdb.org/36892" - }, - { - "name" : "36893", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36893" - }, - { - "name" : "25741", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25741" - }, - { - "name" : "netjukebox-index-xss(35007)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35007" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in netjukebox 4.01b allow remote attackers to inject arbitrary web script or HTML via the (1) album_id, (2) order, (3) sort, (4) filter, and (5) genre_id parameters to (a) index.php; and the (6) url parameter to (b) ridirect.php. NOTE: the attack also reveals the installation path." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-2292", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2292" + }, + { + "name": "http://pridels-team.blogspot.com/2007/06/netjukebox-vuln.html", + "refsource": "MISC", + "url": "http://pridels-team.blogspot.com/2007/06/netjukebox-vuln.html" + }, + { + "name": "http://www.netjukebox.nl/changelog.php", + "refsource": "CONFIRM", + "url": "http://www.netjukebox.nl/changelog.php" + }, + { + "name": "netjukebox-index-xss(35007)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35007" + }, + { + "name": "36893", + "refsource": "OSVDB", + "url": "http://osvdb.org/36893" + }, + { + "name": "24577", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24577" + }, + { + "name": "36892", + "refsource": "OSVDB", + "url": "http://osvdb.org/36892" + }, + { + "name": "25741", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25741" + } 
+ ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3615.json b/2007/3xxx/CVE-2007-3615.json index f227ecf8644..075d591eb97 100644 --- a/2007/3xxx/CVE-2007-3615.json +++ b/2007/3xxx/CVE-2007-3615.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3615", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web cache." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3615", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070705 Internet Communication Manager Denial Of Service Attack", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/472890/100/0/threaded" - }, - { - "name" : "20070705 Internet Communication Manager Denial Of Service Attack", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0105.html" - }, - { - "name" : "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-internet-communication-manager-dos/", - "refsource" : "MISC", - "url" : 
"http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-internet-communication-manager-dos/" - }, - { - "name" : "24774", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24774" - }, - { - "name" : "38095", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38095" - }, - { - "name" : "ADV-2007-2450", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2450" - }, - { - "name" : "1018336", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018336" - }, - { - "name" : "25964", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25964" - }, - { - "name" : "2875", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2875" - }, - { - "name" : "sap-icman-dos(35278)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35278" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web cache." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070705 Internet Communication Manager Denial Of Service Attack", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0105.html" + }, + { + "name": "sap-icman-dos(35278)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35278" + }, + { + "name": "20070705 Internet Communication Manager Denial Of Service Attack", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/472890/100/0/threaded" + }, + { + "name": "38095", + "refsource": "OSVDB", + "url": "http://osvdb.org/38095" + }, + { + "name": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-internet-communication-manager-dos/", + "refsource": "MISC", + "url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-internet-communication-manager-dos/" + }, + { + "name": "25964", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25964" + }, + { + "name": "1018336", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018336" + }, + { + "name": "ADV-2007-2450", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2450" + }, + { + "name": "24774", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24774" + }, + { + "name": "2875", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2875" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3649.json b/2007/3xxx/CVE-2007-3649.json index 121292ad4e9..ed72debb9d9 100644 --- a/2007/3xxx/CVE-2007-3649.json +++ b/2007/3xxx/CVE-2007-3649.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3649", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Absolute path traversal vulnerability in a certain ActiveX control in hpqvwocx.dll 2.1.0.556 in Hewlett-Packard (HP) Digital Imaging allows remote attackers to create or overwrite arbitrary files via the second argument to the SaveToFile method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3649", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4155", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4155" - }, - { - "name" : "24793", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24793" - }, - { - "name" : "45800", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/45800" - }, - { - "name" : "hp-digital-hpqvwocx-file-overwrite(35288)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35288" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Absolute path traversal vulnerability in a certain ActiveX control in 
hpqvwocx.dll 2.1.0.556 in Hewlett-Packard (HP) Digital Imaging allows remote attackers to create or overwrite arbitrary files via the second argument to the SaveToFile method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4155", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4155" + }, + { + "name": "24793", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24793" + }, + { + "name": "hp-digital-hpqvwocx-file-overwrite(35288)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35288" + }, + { + "name": "45800", + "refsource": "OSVDB", + "url": "http://osvdb.org/45800" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3728.json b/2007/3xxx/CVE-2007-3728.json index f081a1e3cb7..728de1832dd 100644 --- a/2007/3xxx/CVE-2007-3728.json +++ b/2007/3xxx/CVE-2007-3728.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3728", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in lib/silcclient/client_notify.c of SILC Client and SILC Toolkit before 1.1.2 allows remote attackers to cause a denial of service via \"NICK_CHANGE\" notifications." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3728", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://silcnet.org/docs/changelog/changes.txt", - "refsource" : "CONFIRM", - "url" : "http://silcnet.org/docs/changelog/changes.txt" - }, - { - "name" : "http://www.silcnet.org/docs/release/SILC%20Toolkit%201.1.2", - "refsource" : "CONFIRM", - "url" : "http://www.silcnet.org/docs/release/SILC%20Toolkit%201.1.2" - }, - { - "name" : "24795", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24795" - }, - { - "name" : "ADV-2007-2454", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2454" - }, - { - "name" : "36730", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36730" - }, - { - "name" : "25939", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25939" - }, - { - 
"name" : "silc-clienttoolkit-nickchange-bo(35281)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35281" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in lib/silcclient/client_notify.c of SILC Client and SILC Toolkit before 1.1.2 allows remote attackers to cause a denial of service via \"NICK_CHANGE\" notifications." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36730", + "refsource": "OSVDB", + "url": "http://osvdb.org/36730" + }, + { + "name": "24795", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24795" + }, + { + "name": "silc-clienttoolkit-nickchange-bo(35281)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35281" + }, + { + "name": "25939", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25939" + }, + { + "name": "http://silcnet.org/docs/changelog/changes.txt", + "refsource": "CONFIRM", + "url": "http://silcnet.org/docs/changelog/changes.txt" + }, + { + "name": "ADV-2007-2454", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2454" + }, + { + "name": "http://www.silcnet.org/docs/release/SILC%20Toolkit%201.1.2", + "refsource": "CONFIRM", + "url": "http://www.silcnet.org/docs/release/SILC%20Toolkit%201.1.2" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3762.json b/2007/3xxx/CVE-2007-3762.json index e9b0866a7d6..268fd9fefa1 100644 --- a/2007/3xxx/CVE-2007-3762.json +++ b/2007/3xxx/CVE-2007-3762.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3762", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3762", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ftp.digium.com/pub/asa/ASA-2007-014.pdf", - "refsource" : "CONFIRM", - "url" : "http://ftp.digium.com/pub/asa/ASA-2007-014.pdf" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=185713", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=185713" - }, - { - "name" : "DSA-1358", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1358" - }, - { - "name" : "GLSA-200802-11", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200802-11.xml" - }, - { - "name" : "SUSE-SR:2007:015", - "refsource" : 
"SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_15_sr.html" - }, - { - "name" : "24949", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24949" - }, - { - "name" : "ADV-2007-2563", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2563" - }, - { - "name" : "1018407", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018407" - }, - { - "name" : "26099", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26099" - }, - { - "name" : "29051", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29051" - }, - { - "name" : "asterisk-iax2channeldriver-bo(35466)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35466" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "asterisk-iax2channeldriver-bo(35466)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35466" + }, + { + "name": "26099", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26099" + }, + { + "name": "1018407", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018407" + }, + { + "name": "GLSA-200802-11", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200802-11.xml" + }, + { + "name": "29051", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29051" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=185713", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=185713" + }, + { + "name": "ADV-2007-2563", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2563" + }, + { + "name": "DSA-1358", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1358" + }, + { + "name": "SUSE-SR:2007:015", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html" + }, + { + "name": "http://ftp.digium.com/pub/asa/ASA-2007-014.pdf", + "refsource": "CONFIRM", + "url": "http://ftp.digium.com/pub/asa/ASA-2007-014.pdf" + }, + { + "name": "24949", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24949" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4066.json b/2007/4xxx/CVE-2007-4066.json index 51d94df77f3..38bf48147b8 100644 --- a/2007/4xxx/CVE-2007-4066.json +++ b/2007/4xxx/CVE-2007-4066.json 
@@ -1,182 +1,182 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4066", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow context-dependent attackers to cause a denial of service or have other unspecified impact via a crafted OGG file, aka trac Changesets 13162, 13168, 13169, 13170, 13172, 13211, and 13215, as demonstrated by an overflow in oggenc.exe related to the _psy_noiseguards_8 array." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2007-4066", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://svn.xiph.org/trunk/vorbis/CHANGES", - "refsource" : "MISC", - "url" : "http://svn.xiph.org/trunk/vorbis/CHANGES" - }, - { - "name" : "https://trac.xiph.org/changeset/13162", - "refsource" : "MISC", - "url" : "https://trac.xiph.org/changeset/13162" - }, - { - "name" : "https://trac.xiph.org/changeset/13169", - "refsource" : "MISC", - "url" : "https://trac.xiph.org/changeset/13169" - }, - { - "name" : "https://trac.xiph.org/changeset/13170", - "refsource" : "MISC", - "url" : "https://trac.xiph.org/changeset/13170" - }, - { - "name" : 
"https://trac.xiph.org/changeset/13172", - "refsource" : "MISC", - "url" : "https://trac.xiph.org/changeset/13172" - }, - { - "name" : "https://trac.xiph.org/changeset/13211", - "refsource" : "MISC", - "url" : "https://trac.xiph.org/changeset/13211" - }, - { - "name" : "https://trac.xiph.org/changeset/13215", - "refsource" : "MISC", - "url" : "https://trac.xiph.org/changeset/13215" - }, - { - "name" : "https://trac.xiph.org/ticket/853", - "refsource" : "MISC", - "url" : "https://trac.xiph.org/ticket/853" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=249780", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=249780" - }, - { - "name" : "https://trac.xiph.org/changeset/13168", - "refsource" : "CONFIRM", - "url" : "https://trac.xiph.org/changeset/13168" - }, - { - "name" : "https://trac.xiph.org/ticket/300", - "refsource" : "CONFIRM", - "url" : "https://trac.xiph.org/ticket/300" - }, - { - "name" : "DSA-1471", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1471" - }, - { - "name" : "GLSA-200710-03", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200710-03.xml" - }, - { - "name" : "MDKSA-2007:194", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:194" - }, - { - "name" : "RHSA-2007:0845", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0845.html" - }, - { - "name" : "RHSA-2007:0912", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0912.html" - }, - { - "name" : "SUSE-SR:2007:023", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_23_sr.html" - }, - { - "name" : "oval:org.mitre.oval:def:11453", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11453" - }, - { - "name" : "1018712", - "refsource" : "SECTRACK", - "url" : 
"http://securitytracker.com/id?1018712" - }, - { - "name" : "26865", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26865" - }, - { - "name" : "27099", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27099" - }, - { - "name" : "24923", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24923" - }, - { - "name" : "27170", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27170" - }, - { - "name" : "27439", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27439" - }, - { - "name" : "28614", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28614" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow context-dependent attackers to cause a denial of service or have other unspecified impact via a crafted OGG file, aka trac Changesets 13162, 13168, 13169, 13170, 13172, 13211, and 13215, as demonstrated by an overflow in oggenc.exe related to the _psy_noiseguards_8 array." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://trac.xiph.org/changeset/13168", + "refsource": "CONFIRM", + "url": "https://trac.xiph.org/changeset/13168" + }, + { + "name": "https://trac.xiph.org/changeset/13172", + "refsource": "MISC", + "url": "https://trac.xiph.org/changeset/13172" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=249780", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=249780" + }, + { + "name": "28614", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28614" + }, + { + "name": "DSA-1471", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1471" + }, + { + "name": "RHSA-2007:0912", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0912.html" + }, + { + "name": "GLSA-200710-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200710-03.xml" + }, + { + "name": "27170", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27170" + }, + { + "name": "1018712", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1018712" + }, + { + "name": "https://trac.xiph.org/changeset/13170", + "refsource": "MISC", + "url": "https://trac.xiph.org/changeset/13170" + }, + { + "name": "http://svn.xiph.org/trunk/vorbis/CHANGES", + "refsource": "MISC", + "url": "http://svn.xiph.org/trunk/vorbis/CHANGES" + }, + { + "name": "https://trac.xiph.org/changeset/13211", + "refsource": "MISC", + "url": "https://trac.xiph.org/changeset/13211" + }, + { + "name": "https://trac.xiph.org/changeset/13169", + "refsource": "MISC", + "url": "https://trac.xiph.org/changeset/13169" + }, + { + "name": "MDKSA-2007:194", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:194" + }, + { + "name": "24923", + "refsource": 
"SECUNIA", + "url": "http://secunia.com/advisories/24923" + }, + { + "name": "https://trac.xiph.org/ticket/853", + "refsource": "MISC", + "url": "https://trac.xiph.org/ticket/853" + }, + { + "name": "27439", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27439" + }, + { + "name": "https://trac.xiph.org/changeset/13162", + "refsource": "MISC", + "url": "https://trac.xiph.org/changeset/13162" + }, + { + "name": "https://trac.xiph.org/ticket/300", + "refsource": "CONFIRM", + "url": "https://trac.xiph.org/ticket/300" + }, + { + "name": "27099", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27099" + }, + { + "name": "https://trac.xiph.org/changeset/13215", + "refsource": "MISC", + "url": "https://trac.xiph.org/changeset/13215" + }, + { + "name": "26865", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26865" + }, + { + "name": "SUSE-SR:2007:023", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_23_sr.html" + }, + { + "name": "oval:org.mitre.oval:def:11453", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11453" + }, + { + "name": "RHSA-2007:0845", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0845.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4589.json b/2007/4xxx/CVE-2007-4589.json index a105f31bec9..03d5f4a3f1f 100644 --- a/2007/4xxx/CVE-2007-4589.json +++ b/2007/4xxx/CVE-2007-4589.json 
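Review bot: `ASSIGNER` changes from `cve@mitre.org` to `secalert@redhat.com` at the top of this hunk for CVE-2007-4066, and it is the only value change here. The rest of the hunk is colon spacing, re-indentation and a reordering of the same 25 `reference_data` entries. Because this field records which CNA assigned the entry, the reassignment should get its own commit or a line in the commit message, for example `CVE-2007-4066: ASSIGNER cve@mitre.org -> secalert@redhat.com`, so it is not lost in the formatting churn. The other hunks visible on this page keep `cve@mitre.org`, which suggests the change is deliberate, but nothing in the hunk confirms it.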
@@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4589", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP) Webmaster Level (SiteWorx) 3.0.2 (1) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php; and allow remote authenticated users to inject arbitrary web script or HTML via the PATH_INFO to (2) siteworx.php, (3) users.php, (4) ftp.php, (5) mysql.php, (6) domains.php, (7) htaccess.php, (8) scriptworx.php, (9) stats.php, (10) backup.php, (11) restore.php, and (12) httpd.php; and unspecified vectors to (13) cron.php and (14) prefs.php." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4589", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070826 InterWorx-CP Multiple HTML Injections Vulnerabilitie", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/477848/100/0/threaded" - }, - { - "name" : "http://www.hackerscenter.com/archive/view.asp?id=27884", - "refsource" : "MISC", - "url" : "http://www.hackerscenter.com/archive/view.asp?id=27884" - }, - { - "name" : "http://interworx.com/forums/showthread.php?t=2501", - "refsource" : "CONFIRM", - "url" : "http://interworx.com/forums/showthread.php?t=2501" - }, - { - "name" : "25451", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25451" - }, - { - "name" : "36767", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36767" - }, - { - "name" : "36768", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36768" - }, - { - "name" : "36769", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36769" - }, - { - "name" : "36770", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36770" - }, - { - "name" : "36771", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36771" - }, - { - "name" : "36772", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36772" - }, - { - "name" : "36773", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36773" - }, - { - "name" : "36774", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36774" - }, - { - "name" : "36775", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36775" - }, - { - "name" : "36776", - "refsource" : "OSVDB", - "url" : 
"http://osvdb.org/36776" - }, - { - "name" : "36777", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36777" - }, - { - "name" : "36778", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36778" - }, - { - "name" : "36779", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36779" - }, - { - "name" : "36780", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36780" - }, - { - "name" : "26586", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26586" - }, - { - "name" : "3070", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3070" - }, - { - "name" : "interworx-siteworx-multiple-file-include(36300)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36300" - }, - { - "name" : "interworxcp-index-xss(36297)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36297" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP) Webmaster Level (SiteWorx) 3.0.2 (1) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php; and allow remote authenticated users to inject arbitrary web script or HTML via the PATH_INFO to (2) siteworx.php, (3) users.php, (4) ftp.php, (5) mysql.php, (6) domains.php, (7) htaccess.php, (8) scriptworx.php, (9) stats.php, (10) backup.php, (11) restore.php, and (12) httpd.php; and unspecified vectors to (13) cron.php and (14) prefs.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36778", + "refsource": "OSVDB", + "url": "http://osvdb.org/36778" + }, + { + "name": "25451", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25451" + }, + { + "name": "3070", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3070" + }, + { + "name": "http://interworx.com/forums/showthread.php?t=2501", + "refsource": "CONFIRM", + "url": "http://interworx.com/forums/showthread.php?t=2501" + }, + { + "name": "36772", + "refsource": "OSVDB", + "url": "http://osvdb.org/36772" + }, + { + "name": "36775", + "refsource": "OSVDB", + "url": "http://osvdb.org/36775" + }, + { + "name": "36771", + "refsource": "OSVDB", + "url": "http://osvdb.org/36771" + }, + { + "name": "36776", + "refsource": "OSVDB", + "url": "http://osvdb.org/36776" + }, + { + "name": "36773", + "refsource": "OSVDB", + "url": "http://osvdb.org/36773" + }, + { + "name": "36780", + "refsource": "OSVDB", + "url": "http://osvdb.org/36780" + }, + { + "name": "36779", + "refsource": "OSVDB", + "url": "http://osvdb.org/36779" + }, + { + "name": "36768", + "refsource": "OSVDB", + "url": "http://osvdb.org/36768" + }, + { + "name": "36774", + "refsource": "OSVDB", + "url": "http://osvdb.org/36774" + }, + { + "name": "http://www.hackerscenter.com/archive/view.asp?id=27884", + "refsource": "MISC", + "url": "http://www.hackerscenter.com/archive/view.asp?id=27884" + }, + { + "name": "26586", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26586" + }, + { + "name": "20070826 InterWorx-CP Multiple HTML Injections Vulnerabilitie", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/477848/100/0/threaded" + }, + { + "name": "36777", + "refsource": "OSVDB", + "url": "http://osvdb.org/36777" + }, + { + "name": "36769", + "refsource": "OSVDB", + "url": 
"http://osvdb.org/36769" + }, + { + "name": "36767", + "refsource": "OSVDB", + "url": "http://osvdb.org/36767" + }, + { + "name": "interworx-siteworx-multiple-file-include(36300)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36300" + }, + { + "name": "interworxcp-index-xss(36297)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36297" + }, + { + "name": "36770", + "refsource": "OSVDB", + "url": "http://osvdb.org/36770" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4955.json b/2007/4xxx/CVE-2007-4955.json index 3f6bf2f2d87..3051a774bcd 100644 --- a/2007/4xxx/CVE-2007-4955.json +++ b/2007/4xxx/CVE-2007-4955.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4955", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in admin.joomlaflashfun.php in the Flash Fun! (com_joomlaflashfun) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4955", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4415", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4415" - }, - { - "name" : "25680", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25680" - }, - { - "name" : "26799", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26799" - }, - { - "name" : "flashfun-mosconfig-file-include(36638)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36638" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in admin.joomlaflashfun.php 
in the Flash Fun! (com_joomlaflashfun) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25680", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25680" + }, + { + "name": "4415", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4415" + }, + { + "name": "flashfun-mosconfig-file-include(36638)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36638" + }, + { + "name": "26799", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26799" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4987.json b/2007/4xxx/CVE-2007-4987.json index 5b895106047..38b9e2eddc1 100644 --- a/2007/4xxx/CVE-2007-4987.json +++ b/2007/4xxx/CVE-2007-4987.json 
@@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4987", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Off-by-one error in the ReadBlobString function in blob.c in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted image file, which triggers the writing of a '\\0' character to an out-of-bounds address." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4987", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070919 Multiple Vendor ImageMagick Off-By-One Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=595" - }, - { - "name" : "20071112 FLEA-2007-0066-1 ImageMagick", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/483572/100/0/threaded" - }, - { - "name" : "[Magick-announce] 20070917 ImageMagick 6.3.5-9, important security updates", - "refsource" : "MLIST", - "url" : "http://studio.imagemagick.org/pipermail/magick-announce/2007-September/000037.html" - }, - { - "name" : "http://www.imagemagick.org/script/changelog.php", - "refsource" : "CONFIRM", - "url" : 
"http://www.imagemagick.org/script/changelog.php" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-1743", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-1743" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=186030", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=186030" - }, - { - "name" : "DSA-1858", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1858" - }, - { - "name" : "GLSA-200710-27", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200710-27.xml" - }, - { - "name" : "MDVSA-2008:035", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:035" - }, - { - "name" : "SUSE-SR:2007:023", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_23_sr.html" - }, - { - "name" : "USN-523-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-523-1" - }, - { - "name" : "25766", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25766" - }, - { - "name" : "36260", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36260" - }, - { - "name" : "ADV-2007-3245", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3245" - }, - { - "name" : "1018729", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018729" - }, - { - "name" : "26926", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26926" - }, - { - "name" : "27048", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27048" - }, - { - "name" : "27309", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27309" - }, - { - "name" : "27364", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27364" - }, - { - "name" : "27439", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27439" - }, - { - "name" : "28721", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/28721" - }, - { - "name" : "imagemagick-readblogstring-bo(36739)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36739" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Off-by-one error in the ReadBlobString function in blob.c in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted image file, which triggers the writing of a '\\0' character to an out-of-bounds address." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27364", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27364" + }, + { + "name": "20071112 FLEA-2007-0066-1 ImageMagick", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/483572/100/0/threaded" + }, + { + "name": "USN-523-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-523-1" + }, + { + "name": "27309", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27309" + }, + { + "name": "25766", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25766" + }, + { + "name": "http://www.imagemagick.org/script/changelog.php", + "refsource": "CONFIRM", + "url": "http://www.imagemagick.org/script/changelog.php" + }, + { + "name": "imagemagick-readblogstring-bo(36739)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36739" + }, + { + "name": "ADV-2007-3245", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3245" + }, + { + "name": "GLSA-200710-27", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200710-27.xml" + }, + { + "name": "1018729", + "refsource": "SECTRACK", + "url": 
"http://www.securitytracker.com/id?1018729" + }, + { + "name": "27048", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27048" + }, + { + "name": "28721", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28721" + }, + { + "name": "27439", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27439" + }, + { + "name": "https://issues.rpath.com/browse/RPL-1743", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-1743" + }, + { + "name": "DSA-1858", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1858" + }, + { + "name": "[Magick-announce] 20070917 ImageMagick 6.3.5-9, important security updates", + "refsource": "MLIST", + "url": "http://studio.imagemagick.org/pipermail/magick-announce/2007-September/000037.html" + }, + { + "name": "26926", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26926" + }, + { + "name": "MDVSA-2008:035", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:035" + }, + { + "name": "20070919 Multiple Vendor ImageMagick Off-By-One Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=595" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=186030", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=186030" + }, + { + "name": "SUSE-SR:2007:023", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_23_sr.html" + }, + { + "name": "36260", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36260" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6203.json b/2007/6xxx/CVE-2007-6203.json index b9df61fe01f..a4f465154c6 100644 --- a/2007/6xxx/CVE-2007-6203.json +++ b/2007/6xxx/CVE-2007-6203.json 
@@ -1,222 +1,222 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6203", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a \"413 Request Entity Too Large\" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6203", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071130 PR07-37: XSS on Apache HTTP Server 413 error pages via malformed HTTP method", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/484410/100/0/threaded" - }, - { - "name" : "http://procheckup.com/Vulnerability_PR07-37.php", - "refsource" : "MISC", - "url" : "http://procheckup.com/Vulnerability_PR07-37.php" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=307562", - "refsource" : "CONFIRM", - "url" : 
"http://docs.info.apple.com/article.html?artnum=307562" - }, - { - "name" : "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html", - "refsource" : "CONFIRM", - "url" : "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html" - }, - { - "name" : "PK57952", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1PK57952" - }, - { - "name" : "PK65782", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg24019245" - }, - { - "name" : "APPLE-SA-2008-03-18", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" - }, - { - "name" : "GLSA-200803-19", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200803-19.xml" - }, - { - "name" : "HPSBUX02465", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=125631037611762&w=2" - }, - { - "name" : "SSRT090192", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=125631037611762&w=2" - }, - { - "name" : "HPSBUX02612", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=129190899612998&w=2" - }, - { - "name" : "SSRT100345", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=129190899612998&w=2" - }, - { - "name" : "SUSE-SA:2008:021", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html" - }, - { - "name" : "USN-731-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-731-1" - }, - { - "name" : "26663", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26663" - }, - { - "name" : "oval:org.mitre.oval:def:12166", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12166" - }, - { - "name" : "34219", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34219" - }, - { - "name" : "ADV-2007-4060", - 
"refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/4060" - }, - { - "name" : "ADV-2007-4301", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/4301" - }, - { - "name" : "ADV-2008-0924", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0924/references" - }, - { - "name" : "ADV-2008-1623", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1623/references" - }, - { - "name" : "ADV-2008-1875", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1875/references" - }, - { - "name" : "1019030", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019030" - }, - { - "name" : "27906", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27906" - }, - { - "name" : "28196", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28196" - }, - { - "name" : "29348", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29348" - }, - { - "name" : "29420", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29420" - }, - { - "name" : "29640", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29640" - }, - { - "name" : "30356", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30356" - }, - { - "name" : "30732", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30732" - }, - { - "name" : "33105", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33105" - }, - { - "name" : "3411", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3411" - }, - { - "name" : "apache-413error-xss(38800)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38800" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache HTTP 
Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a \"413 Request Entity Too Large\" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "PK57952", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK57952" + }, + { + "name": "GLSA-200803-19", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200803-19.xml" + }, + { + "name": "26663", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26663" + }, + { + "name": "oval:org.mitre.oval:def:12166", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12166" + }, + { + "name": "34219", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34219" + }, + { + "name": "HPSBUX02465", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2" + }, + { + "name": "27906", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27906" + }, + { + "name": "ADV-2008-1623", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1623/references" + }, + { + "name": "ADV-2008-0924", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0924/references" + }, + { + "name": "SSRT090192", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2" + }, + { + "name": "3411", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3411" + }, + { + "name": "ADV-2007-4301", + "refsource": "VUPEN", + "url": 
"http://www.vupen.com/english/advisories/2007/4301" + }, + { + "name": "USN-731-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-731-1" + }, + { + "name": "HPSBUX02612", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=129190899612998&w=2" + }, + { + "name": "29420", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29420" + }, + { + "name": "ADV-2007-4060", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/4060" + }, + { + "name": "APPLE-SA-2008-03-18", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" + }, + { + "name": "33105", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33105" + }, + { + "name": "1019030", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019030" + }, + { + "name": "PK65782", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24019245" + }, + { + "name": "20071130 PR07-37: XSS on Apache HTTP Server 413 error pages via malformed HTTP method", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/484410/100/0/threaded" + }, + { + "name": "29348", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29348" + }, + { + "name": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html", + "refsource": "CONFIRM", + "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html" + }, + { + "name": "28196", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28196" + }, + { + "name": "SUSE-SA:2008:021", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html" + }, + { + "name": "30356", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30356" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=307562", + "refsource": "CONFIRM", + "url": 
"http://docs.info.apple.com/article.html?artnum=307562" + }, + { + "name": "SSRT100345", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=129190899612998&w=2" + }, + { + "name": "29640", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29640" + }, + { + "name": "apache-413error-xss(38800)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38800" + }, + { + "name": "ADV-2008-1875", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1875/references" + }, + { + "name": "30732", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30732" + }, + { + "name": "http://procheckup.com/Vulnerability_PR07-37.php", + "refsource": "MISC", + "url": "http://procheckup.com/Vulnerability_PR07-37.php" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6546.json b/2007/6xxx/CVE-2007-6546.json index d382b43d8d7..c36b724d238 100644 --- a/2007/6xxx/CVE-2007-6546.json +++ b/2007/6xxx/CVE-2007-6546.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6546", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RunCMS before 1.6.1 uses a predictable session id, which makes it easier for remote attackers to hijack sessions via a modified id." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6546", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071225 Multiple vulnerabilities in RUNCMS 1.6 by DSecRG", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485512/100/0/threaded" - }, - { - "name" : "4790", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4790" - }, - { - "name" : "http://www.runcms.org/modules/mydownloads/singlefile.php?lid=131", - "refsource" : "MISC", - "url" : "http://www.runcms.org/modules/mydownloads/singlefile.php?lid=131" - }, - { - "name" : "27019", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27019" - }, - { - "name" : "41245", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41245" - }, - { - "name" : "3493", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3493" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RunCMS before 1.6.1 uses a predictable session id, which makes it easier for remote attackers to hijack sessions via a modified id." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4790", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4790" + }, + { + "name": "http://www.runcms.org/modules/mydownloads/singlefile.php?lid=131", + "refsource": "MISC", + "url": "http://www.runcms.org/modules/mydownloads/singlefile.php?lid=131" + }, + { + "name": "27019", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27019" + }, + { + "name": "41245", + "refsource": "OSVDB", + "url": "http://osvdb.org/41245" + }, + { + "name": "3493", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3493" + }, + { + "name": "20071225 Multiple vulnerabilities in RUNCMS 1.6 by DSecRG", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485512/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6699.json b/2007/6xxx/CVE-2007-6699.json index bc2f6623e8e..62b57761294 100644 --- a/2007/6xxx/CVE-2007-6699.json +++ b/2007/6xxx/CVE-2007-6699.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6699", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in the AIM PicEditor 9.5.1.8 ActiveX control in YGPPicEdit.dll in AOL You've Got Pictures (YGP) Picture Editor allow remote attackers to cause a denial of service (browser crash) via a long string in the (1) DisplayName, (2) FinalSavePath, (3) ForceSaveTo, (4) HiddenControls, (5) InitialEditorScreen, (6) Locale, (7) Proxy, and (8) UserAgent property values." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6699", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071225 AOL YGP Picture Editor YGPPicEdit.dll Multiple Buffer Overflows", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2007/Dec/0561.html" - }, - { - "name" : "20071227 Re: AOL YGP Picture Editor YGPPicEdit.dll Multiple Buffer Overflows", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2007/Dec/0574.html" - }, - { - "name" : "27026", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27026" - }, - { - "name" : "41198", - "refsource" : "OSVDB", - "url" : 
"http://osvdb.org/41198" - }, - { - "name" : "1019143", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019143" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in the AIM PicEditor 9.5.1.8 ActiveX control in YGPPicEdit.dll in AOL You've Got Pictures (YGP) Picture Editor allow remote attackers to cause a denial of service (browser crash) via a long string in the (1) DisplayName, (2) FinalSavePath, (3) ForceSaveTo, (4) HiddenControls, (5) InitialEditorScreen, (6) Locale, (7) Proxy, and (8) UserAgent property values." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1019143", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019143" + }, + { + "name": "20071225 AOL YGP Picture Editor YGPPicEdit.dll Multiple Buffer Overflows", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2007/Dec/0561.html" + }, + { + "name": "20071227 Re: AOL YGP Picture Editor YGPPicEdit.dll Multiple Buffer Overflows", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2007/Dec/0574.html" + }, + { + "name": "27026", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27026" + }, + { + "name": "41198", + "refsource": "OSVDB", + "url": "http://osvdb.org/41198" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1555.json b/2010/1xxx/CVE-2010-1555.json index 6c1cae44b15..9db824b9d64 100644 --- a/2010/1xxx/CVE-2010-1555.json +++ b/2010/1xxx/CVE-2010-1555.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1555", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid Hostname parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2010-1555", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100511 ZDI-10-086: HP OpenView NNM getnnmdata.exe CGI Invalid Hostname Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/511250/100/0/threaded" - }, - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-10-086/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-10-086/" - }, - { - "name" : "HPSBMA02527", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=127360750704351&w=2" - }, - { - "name" : "SSRT010098", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=127360750704351&w=2" - }, - { - "name" : "SSRT090230", - "refsource" : "HP", - "url" : 
"http://marc.info/?l=bugtraq&m=127360750704351&w=2" - }, - { - "name" : "40072", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40072" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid Hostname parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT010098", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=127360750704351&w=2" + }, + { + "name": "20100511 ZDI-10-086: HP OpenView NNM getnnmdata.exe CGI Invalid Hostname Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/511250/100/0/threaded" + }, + { + "name": "40072", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40072" + }, + { + "name": "HPSBMA02527", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=127360750704351&w=2" + }, + { + "name": "SSRT090230", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=127360750704351&w=2" + }, + { + "name": "http://zerodayinitiative.com/advisories/ZDI-10-086/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-10-086/" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1680.json b/2010/1xxx/CVE-2010-1680.json index 1dc96f16ce2..b55e8338d7f 100644 --- a/2010/1xxx/CVE-2010-1680.json +++ b/2010/1xxx/CVE-2010-1680.json 
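Review bot: The `ASSIGNER` value in the CVE-2010-1555 hunk changes from `cve@mitre.org` to `hp-security-alert@hp.com`, a content change inside what is otherwise a whitespace and reference-order normalisation of the record. The CVE-2014-0249 hunk does the same, with `ASSIGNER` becoming `secalert@redhat.com`. Anyone who treats this commit as formatting-only, or who keys provenance or routing on the assigner, could miss the reattribution; if it is intended, it would be clearer in its own commit, keeping `"ASSIGNER": "cve@mitre.org"` in this one. Because `reference_data` is reordered in the same hunks, confirming that no entry was altered needs a set comparison of the old and new entries rather than a line-by-line read.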
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1680", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2010. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2010-1680", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2010. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5125.json b/2010/5xxx/CVE-2010-5125.json index 0e2cc2bbf8e..b9cbacaddd9 100644 --- a/2010/5xxx/CVE-2010-5125.json +++ b/2010/5xxx/CVE-2010-5125.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5125", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2010-5125", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5161.json b/2010/5xxx/CVE-2010-5161.json index e10d8636d40..e07798a5b30 100644 --- a/2010/5xxx/CVE-2010-5161.json +++ b/2010/5xxx/CVE-2010-5161.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5161", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Race condition in F-Secure Internet Security 2010 10.00 build 246 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5161", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100505 KHOBE - 8.0 earthquake for Windows desktop security software", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html" - }, - { - "name" : "20100505 KHOBE - 8.0 earthquake for Windows desktop security software", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html" - }, - { - "name" : "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/", - "refsource" : "MISC", - "url" : "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/" - }, - { - "name" : "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php", - "refsource" : "MISC", - "url" : "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php" - }, - { - "name" : "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php", - "refsource" : "MISC", - "url" : "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php" - }, - { - "name" : "http://www.f-secure.com/weblog/archives/00001949.html", - "refsource" : "MISC", - "url" : "http://www.f-secure.com/weblog/archives/00001949.html" - }, - { - "name" : "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/", - "refsource" : "MISC", - "url" : "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/" - }, - { - "name" : 
"39924", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39924" - }, - { - "name" : "67660", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/67660" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Race condition in F-Secure Internet Security 2010 10.00 build 246 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html" + }, + { + "name": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/", + "refsource": "MISC", + "url": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/" + }, + { + "name": "39924", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39924" + }, + { + "name": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php", + "refsource": "MISC", + "url": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php" + }, + { + "name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software", + "refsource": "FULLDISC", + "url": 
"http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html" + }, + { + "name": "67660", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/67660" + }, + { + "name": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/", + "refsource": "MISC", + "url": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/" + }, + { + "name": "http://www.f-secure.com/weblog/archives/00001949.html", + "refsource": "MISC", + "url": "http://www.f-secure.com/weblog/archives/00001949.html" + }, + { + "name": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php", + "refsource": "MISC", + "url": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0249.json b/2014/0xxx/CVE-2014-0249.json index 1646ca8fa70..c145cfee9d7 100644 --- a/2014/0xxx/CVE-2014-0249.json +++ b/2014/0xxx/CVE-2014-0249.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0249", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The System Security Services Daemon (SSSD) 1.11.6 does not properly identify group membership when a non-POSIX group is in a group membership chain, which allows local users to bypass access restrictions via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0249", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[SSSD] 20140513 On POSIX and non-POSIX groups", - "refsource" : "MLIST", - "url" : "https://lists.fedorahosted.org/pipermail/sssd-devel/2014-May/019495.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1101751", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1101751" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The System Security Services Daemon (SSSD) 1.11.6 does not properly identify group membership when a non-POSIX group is in a group membership chain, which allows local users to bypass access 
restrictions via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[SSSD] 20140513 On POSIX and non-POSIX groups", + "refsource": "MLIST", + "url": "https://lists.fedorahosted.org/pipermail/sssd-devel/2014-May/019495.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1101751", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1101751" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0485.json b/2014/0xxx/CVE-2014-0485.json index d3bfe4fc9d4..9ef2dcba382 100644 --- a/2014/0xxx/CVE-2014-0485.json +++ b/2014/0xxx/CVE-2014-0485.json 
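Review bot: The `ASSIGNER` value in CVE-2014-0249.json changes from `cve@mitre.org` to `secalert@redhat.com` inside what is otherwise a whitespace and reference-order rewrite, so a provenance change is easy to miss in review. The same thing happens in the hunks for CVE-2014-0485 (`security@debian.org`), CVE-2014-1718 (`security@google.com`), CVE-2014-5852 and CVE-2014-5934 (`cert@cert.org`) and CVE-2015-2453 (`secure@microsoft.com`). Consumers that filter or trust records by assigning CNA will see these as ownership changes. Putting the assigner updates in their own commit, or listing them in the commit message, would make them auditable; the commit message is not visible here, so this may already be covered.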
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0485", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "S3QL 1.18.1 and earlier uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object in (1) common.py or (2) local.py in backends/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2014-0485", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140828 CVE-2014-0485: unsafe Python pickle in s3ql", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/08/28/3" - }, - { - "name" : "https://bitbucket.org/nikratio/s3ql/commits/091ac263809b4e8", - "refsource" : "CONFIRM", - "url" : "https://bitbucket.org/nikratio/s3ql/commits/091ac263809b4e8" - }, - { - "name" : "DSA-3013", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3013" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "S3QL 1.18.1 and earlier uses the pickle Python module unsafely, which allows remote 
attackers to execute arbitrary code via a crafted serialized object in (1) common.py or (2) local.py in backends/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bitbucket.org/nikratio/s3ql/commits/091ac263809b4e8", + "refsource": "CONFIRM", + "url": "https://bitbucket.org/nikratio/s3ql/commits/091ac263809b4e8" + }, + { + "name": "DSA-3013", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3013" + }, + { + "name": "[oss-security] 20140828 CVE-2014-0485: unsafe Python pickle in s3ql", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/08/28/3" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1437.json b/2014/1xxx/CVE-2014-1437.json index bca6e2d69f2..f379418ee89 100644 --- a/2014/1xxx/CVE-2014-1437.json +++ b/2014/1xxx/CVE-2014-1437.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1437", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-1437", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file 
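Review bot: The rewritten CVE-2014-1437.json emits its keys in a different order from the other files visible in this change: `data_type`, `data_format` and `data_version` come before `CVE_data_meta`, and `ID` precedes `ASSIGNER`, whereas the other records keep `CVE_data_meta` first with `ASSIGNER` before `ID`. JSON key order carries no meaning, but a bulk reformat that is not byte-stable makes later diffs noisy and can trip any consumer that hashes the file text, so one fixed key order from the serializer (sorted, for example) would be safer. The new side of each file visible here also ends with `\ No newline at end of file`, where the old side had a trailing newline; restoring it keeps line-oriented tooling quiet.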
diff --git a/2014/1xxx/CVE-2014-1718.json b/2014/1xxx/CVE-2014-1718.json index 91b4e1bcc39..87feeffa989 100644 --- a/2014/1xxx/CVE-2014-1718.json +++ b/2014/1xxx/CVE-2014-1718.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1718", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the SoftwareFrameManager::SwapToNewFrame function in content/browser/renderer_host/software_frame_manager.cc in the software compositor in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted mapping of a large amount of renderer memory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2014-1718", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=348332", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=348332" - }, - { - "name" : "https://src.chromium.org/viewvc/chrome?revision=257417&view=revision", - "refsource" : "CONFIRM", - "url" : 
"https://src.chromium.org/viewvc/chrome?revision=257417&view=revision" - }, - { - "name" : "https://src.chromium.org/viewvc/chrome?revision=258418&view=revision", - "refsource" : "CONFIRM", - "url" : "https://src.chromium.org/viewvc/chrome?revision=258418&view=revision" - }, - { - "name" : "https://src.chromium.org/viewvc/chrome?revision=260969&view=revision", - "refsource" : "CONFIRM", - "url" : "https://src.chromium.org/viewvc/chrome?revision=260969&view=revision" - }, - { - "name" : "https://src.chromium.org/viewvc/chrome?revision=261817&view=revision", - "refsource" : "CONFIRM", - "url" : "https://src.chromium.org/viewvc/chrome?revision=261817&view=revision" - }, - { - "name" : "DSA-2905", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2905" - }, - { - "name" : "GLSA-201408-16", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201408-16.xml" - }, - { - "name" : "openSUSE-SU-2014:0601", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-05/msg00012.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the SoftwareFrameManager::SwapToNewFrame function in content/browser/renderer_host/software_frame_manager.cc in the software compositor in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted mapping of a large amount of renderer memory." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=348332", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=348332" + }, + { + "name": "https://src.chromium.org/viewvc/chrome?revision=257417&view=revision", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/chrome?revision=257417&view=revision" + }, + { + "name": "https://src.chromium.org/viewvc/chrome?revision=260969&view=revision", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/chrome?revision=260969&view=revision" + }, + { + "name": "openSUSE-SU-2014:0601", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00012.html" + }, + { + "name": "GLSA-201408-16", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201408-16.xml" + }, + { + "name": "DSA-2905", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2905" + }, + { + "name": "https://src.chromium.org/viewvc/chrome?revision=258418&view=revision", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/chrome?revision=258418&view=revision" + }, + { + "name": "https://src.chromium.org/viewvc/chrome?revision=261817&view=revision", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/chrome?revision=261817&view=revision" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1863.json b/2014/1xxx/CVE-2014-1863.json index 56db627fc5b..8fe0a3398ce 100644 --- a/2014/1xxx/CVE-2014-1863.json +++ b/2014/1xxx/CVE-2014-1863.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1863", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1863", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5127.json b/2014/5xxx/CVE-2014-5127.json index 0b67ebfbf66..abb6cba4618 100644 --- a/2014/5xxx/CVE-2014-5127.json +++ b/2014/5xxx/CVE-2014-5127.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5127", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in Innovative Interfaces Encore Discovery Solution 4.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in an unspecified parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5127", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140827 Encore Discovery Solution Multiple Vulnerability Disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/533233/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/128013/Encore-Discovery-Solution-4.3-Open-Redirect-Session-Token-In-URL.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/128013/Encore-Discovery-Solution-4.3-Open-Redirect-Session-Token-In-URL.html" - }, - { - "name" : "69427", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69427" - }, - { - "name" : "encore-discovery-cve20145127-open-redirect(95568)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/95568" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in Innovative Interfaces Encore Discovery Solution 4.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in an unspecified parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "encore-discovery-cve20145127-open-redirect(95568)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95568" + }, + { + "name": "http://packetstormsecurity.com/files/128013/Encore-Discovery-Solution-4.3-Open-Redirect-Session-Token-In-URL.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/128013/Encore-Discovery-Solution-4.3-Open-Redirect-Session-Token-In-URL.html" + }, + { + "name": "20140827 Encore Discovery Solution Multiple Vulnerability Disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/533233/100/0/threaded" + }, + { + "name": "69427", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69427" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5395.json b/2014/5xxx/CVE-2014-5395.json index fd90f1e873f..73d7805d20a 100644 --- a/2014/5xxx/CVE-2014-5395.json +++ b/2014/5xxx/CVE-2014-5395.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5395", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3276 and E3236 TCPU before V200R002B470D13SP00C00 and WebUI before V100R007B100D03SP01C03, E5180s-22 before 21.270.21.00.00, and E586Bs-2 before 21.322.10.00.889 allow remote attackers to hijack the authentication of users for requests that (1) modify configurations, (2) send SMS messages, or have other unspecified impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5395", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "46092", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/46092/" - }, - { - "name" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-360246.htm", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-360246.htm" - }, - { - "name" : "69162", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69162" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3276 and E3236 TCPU before V200R002B470D13SP00C00 and WebUI before V100R007B100D03SP01C03, E5180s-22 before 21.270.21.00.00, and E586Bs-2 before 21.322.10.00.889 allow remote attackers to hijack the authentication of users for requests that (1) modify configurations, (2) send SMS messages, or have other unspecified impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-360246.htm", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-360246.htm" + }, + { + "name": "69162", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69162" + }, + { + "name": "46092", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/46092/" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5852.json b/2014/5xxx/CVE-2014-5852.json index d35f6545bcb..9599f0c213a 100644 --- a/2014/5xxx/CVE-2014-5852.json +++ b/2014/5xxx/CVE-2014-5852.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5852", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Kakao (aka com.com2us.tinypang.kakao.freefull2.google.global.android.common) application 2.11.1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5852", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#796249", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/796249" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Kakao 
(aka com.com2us.tinypang.kakao.freefull2.google.global.android.common) application 2.11.1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#796249", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/796249" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5934.json b/2014/5xxx/CVE-2014-5934.json index 04182d617aa..19f619d6a2e 100644 --- a/2014/5xxx/CVE-2014-5934.json +++ b/2014/5xxx/CVE-2014-5934.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5934", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Flurv Chat (aka com.flurv.android) application 4.3.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5934", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#220201", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/220201" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Flurv Chat (aka com.flurv.android) application 
4.3.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#220201", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/220201" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2199.json b/2015/2xxx/CVE-2015-2199.json index fa6969d6d93..ce323b5008d 100644 --- a/2015/2xxx/CVE-2015-2199.json +++ b/2015/2xxx/CVE-2015-2199.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2199", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow (1) remote authenticated users to execute arbitrary SQL commands via the item[id] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or remote administrators to execute arbitrary SQL commands via the itemid parameter in the (2) wonderplugin_audio_show_item, (3) wonderplugin_audio_show_items, or (4) wonderplugin_audio_edit_item page to wp-admin/admin.php." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2199", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "36086", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/36086" - }, - { - "name" : "http://security.szurek.pl/wonderplugin-audio-player-20-blind-sql-injection-and-xss.html", - "refsource" : "MISC", - "url" : "http://security.szurek.pl/wonderplugin-audio-player-20-blind-sql-injection-and-xss.html" - }, - { - "name" : "http://www.wonderplugin.com/wordpress-audio-player/", - "refsource" : "MISC", - "url" : "http://www.wonderplugin.com/wordpress-audio-player/" - }, - { - "name" : "118508", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/118508" - }, - { - "name" : "118509", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/118509" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow (1) remote authenticated users to execute arbitrary SQL commands via the item[id] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or remote administrators to execute arbitrary SQL commands via the itemid parameter in the (2) wonderplugin_audio_show_item, (3) wonderplugin_audio_show_items, or (4) wonderplugin_audio_edit_item page to wp-admin/admin.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://security.szurek.pl/wonderplugin-audio-player-20-blind-sql-injection-and-xss.html", + "refsource": "MISC", + "url": "http://security.szurek.pl/wonderplugin-audio-player-20-blind-sql-injection-and-xss.html" + }, + { + "name": "118508", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/118508" + }, + { + "name": "36086", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/36086" + }, + { + "name": "118509", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/118509" + }, + { + "name": "http://www.wonderplugin.com/wordpress-audio-player/", + "refsource": "MISC", + "url": "http://www.wonderplugin.com/wordpress-audio-player/" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2453.json b/2015/2xxx/CVE-2015-2453.json index d3a9d9a2625..167debfe3db 100644 --- a/2015/2xxx/CVE-2015-2453.json +++ b/2015/2xxx/CVE-2015-2453.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2453", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to obtain sensitive information via a crafted application that continues to execute during a subsequent user's login session, aka \"Windows CSRSS Elevation of Privilege Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-2453", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-080", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-080" - }, - { - "name" : "1033238", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033238" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista SP2, Windows 
Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to obtain sensitive information via a crafted application that continues to execute during a subsequent user's login session, aka \"Windows CSRSS Elevation of Privilege Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS15-080", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-080" + }, + { + "name": "1033238", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033238" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2517.json b/2015/2xxx/CVE-2015-2517.json index 230b58c1842..29e708d3bf3 100644 --- a/2015/2xxx/CVE-2015-2517.json +++ b/2015/2xxx/CVE-2015-2517.json 
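Review bot: The new side of CVE-2015-2453.json ends at the closing `}` with no trailing newline; the `\ No newline at end of file` marker follows the last `+}` only, so the removed side still ended with one. The same marker follows every other rewritten file visible in this diff (CVE-2015-2517, CVE-2015-2575, CVE-2015-2641, CVE-2015-2897, CVE-2016-10055, CVE-2016-10286, CVE-2016-10484, CVE-2016-10613, CVE-2016-10738, CVE-2016-4450), which suggests the serializer dropped it. Writing a final newline after `}` avoids a spurious last-line change the next time a record is touched. In this hunk the only value that changes is `"ASSIGNER": "secure@microsoft.com"`; everything else appears to be the `"key" : ` to `"key": ` separator rewrite, so the assigner change is easy to miss among 67 replaced lines.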
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2517", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka \"Win32k Memory Corruption Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2015-2511, CVE-2015-2518, and CVE-2015-2546." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-2517", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "38278", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/38278/" - }, - { - "name" : "MS15-097", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-097" - }, - { - "name" : "76606", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76606" - }, - { - "name" : "1033485", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033485" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka \"Win32k Memory Corruption Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2015-2511, CVE-2015-2518, and CVE-2015-2546." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033485", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033485" + }, + { + "name": "MS15-097", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-097" + }, + { + "name": "38278", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/38278/" + }, + { + "name": "76606", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76606" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2575.json b/2015/2xxx/CVE-2015-2575.json index d592e9338e4..e1d1d9982a9 100644 --- a/2015/2xxx/CVE-2015-2575.json +++ b/2015/2xxx/CVE-2015-2575.json 
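Review bot: The `reference_data` array in CVE-2015-2517.json is written in a different order (SECTRACK 1033485 now first, BID 76606 last) although the four entries themselves look unchanged. The same reshuffle without a content change shows up in CVE-2015-2575, CVE-2015-2641, CVE-2016-10055, CVE-2016-10286 and CVE-2016-4450. With advisory records, reviewers need to spot a real edit such as an added or altered `url`, and a shuffled array combined with a whole-file rewrite hides that. Emitting the entries in a stable order, for example sorted by `refsource` then `name`, would keep later diffs limited to actual reference changes.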
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2575", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Connector/J." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-2575", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20150417-0003/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20150417-0003/" - }, - { - "name" : "DSA-3621", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3621" - }, - { - "name" : "SUSE-SU-2015:0946", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html" - }, - { - "name" : "openSUSE-SU-2015:0967", - "refsource" : "SUSE", - 
"url" : "http://lists.opensuse.org/opensuse-updates/2015-05/msg00089.html" - }, - { - "name" : "74075", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74075" - }, - { - "name" : "1032121", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032121" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Connector/J." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2015:0967", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00089.html" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20150417-0003/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20150417-0003/" + }, + { + "name": "DSA-3621", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3621" + }, + { + "name": "74075", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74075" + }, + { + "name": "1032121", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032121" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" + }, + { + "name": "SUSE-SU-2015:0946", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2641.json b/2015/2xxx/CVE-2015-2641.json index 9bf388f7c6f..ead16eeb48a 100644 
--- a/2015/2xxx/CVE-2015-2641.json +++ b/2015/2xxx/CVE-2015-2641.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2641", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-2641", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" - }, - { - "name" : "GLSA-201610-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201610-06" - }, - { - "name" : "RHSA-2015:1630", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1630.html" - }, - { - "name" : "RHSA-2015:1646", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1646.html" - }, - { - "name" : "openSUSE-SU-2015:1629", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html" - }, - { - "name" : 
"USN-2674-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2674-1" - }, - { - "name" : "75815", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75815" - }, - { - "name" : "1032911", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032911" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" + }, + { + "name": "1032911", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032911" + }, + { + "name": "RHSA-2015:1646", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1646.html" + }, + { + "name": "openSUSE-SU-2015:1629", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html" + }, + { + "name": "75815", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75815" + }, + { + "name": "USN-2674-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2674-1" + }, + { + "name": "GLSA-201610-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201610-06" + }, + { + "name": "RHSA-2015:1630", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1630.html" + } + ] + } +} \ No newline at end of file 
diff --git a/2015/2xxx/CVE-2015-2897.json b/2015/2xxx/CVE-2015-2897.json index c8328bd67f9..b31c6125c80 100644 --- a/2015/2xxx/CVE-2015-2897.json +++ b/2015/2xxx/CVE-2015-2897.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2897", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sierra Wireless ALEOS before 4.4.2 on AirLink ES, GX, and LS devices has hardcoded root accounts, which makes it easier for remote attackers to obtain administrative access via a (1) SSH or (2) TELNET session." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2015-2897", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#628568", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/628568" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sierra Wireless ALEOS before 4.4.2 on AirLink ES, GX, and LS devices has hardcoded root accounts, which makes it easier for remote attackers to obtain administrative access via a (1) SSH or (2) TELNET session." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#628568", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/628568" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10055.json b/2016/10xxx/CVE-2016-10055.json index 7aff7f027b6..2cf3e964722 100644 --- a/2016/10xxx/CVE-2016-10055.json +++ b/2016/10xxx/CVE-2016-10055.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10055", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the WritePDBImage function in coders/pdb.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10055", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161226 Re: CVE requests for various ImageMagick issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/12/26/9" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1410464", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1410464" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1" - }, - { - "name" : "95193", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95193" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the WritePDBImage function in coders/pdb.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ImageMagick/ImageMagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1410464", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1410464" + }, + { + "name": "95193", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95193" + }, + { + "name": "[oss-security] 20161226 Re: CVE requests for various ImageMagick issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/12/26/9" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10286.json b/2016/10xxx/CVE-2016-10286.json index 4721aacf472..fd5dd52ccef 100644 --- a/2016/10xxx/CVE-2016-10286.json +++ b/2016/10xxx/CVE-2016-10286.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-10286", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-35400904. References: QC-CR#1090237." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-10286", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-05-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-05-01" - }, - { - "name" : "98165", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98165" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-35400904. References: QC-CR#1090237." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98165", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98165" + }, + { + "name": "https://source.android.com/security/bulletin/2017-05-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-05-01" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10484.json b/2016/10xxx/CVE-2016-10484.json index 27fd82a519a..a0e9e5c1155 100644 --- a/2016/10xxx/CVE-2016-10484.json +++ b/2016/10xxx/CVE-2016-10484.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2016-10484", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SDX20" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, and SDX20, if a RPMB listener is registered with a very small buffer size, the calculation of the maximum transfer size for read and write operations may underflow, resulting in buffer overflow." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Integer overflow to buffer overflow in RPMB" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2016-10484", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SDX20" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, and SDX20, if a RPMB listener is registered with a very small buffer size, the calculation of the maximum transfer size for read and write operations may underflow, resulting in buffer overflow." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Integer overflow to buffer overflow in RPMB" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10613.json b/2016/10xxx/CVE-2016-10613.json index 5b10edaa923..e81b841c255 100644 --- a/2016/10xxx/CVE-2016-10613.json +++ b/2016/10xxx/CVE-2016-10613.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2016-10613", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "bionode-sra node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "bionode-sra is a Node.js wrapper for SRA Toolkit. bionode-sra downloads data resources over HTTP, which leaves it vulnerable to MITM attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Missing Encryption of Sensitive Data (CWE-311)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2016-10613", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "bionode-sra node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nodesecurity.io/advisories/211", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/211" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "bionode-sra is a Node.js wrapper for SRA Toolkit. bionode-sra downloads data resources over HTTP, which leaves it vulnerable to MITM attacks." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing Encryption of Sensitive Data (CWE-311)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/211", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/211" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10738.json b/2016/10xxx/CVE-2016-10738.json index c77def5b371..c499dc1e9cc 100644 --- a/2016/10xxx/CVE-2016-10738.json +++ b/2016/10xxx/CVE-2016-10738.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10738", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Zenbership v107 has CSRF via admin/cp-functions/event-add.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10738", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40620", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40620" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Zenbership v107 has CSRF via admin/cp-functions/event-add.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40620", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40620" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4450.json b/2016/4xxx/CVE-2016-4450.json index 8f7405acde0..12033500ddf 100644 --- a/2016/4xxx/CVE-2016-4450.json +++ b/2016/4xxx/CVE-2016-4450.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4450", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-4450", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[nginx-announce] 20160531 nginx security advisory (CVE-2016-4450)", - "refsource" : "MLIST", - "url" : "http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html" - }, - { - "name" : "DSA-3592", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3592" - }, - { - "name" : "GLSA-201606-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201606-06" - }, - { - "name" : "RHSA-2016:1425", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1425" - }, - { - "name" : "USN-2991-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2991-1" - }, - { - "name" : 
"90967", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/90967" - }, - { - "name" : "1036019", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036019" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036019", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036019" + }, + { + "name": "GLSA-201606-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201606-06" + }, + { + "name": "[nginx-announce] 20160531 nginx security advisory (CVE-2016-4450)", + "refsource": "MLIST", + "url": "http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html" + }, + { + "name": "USN-2991-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2991-1" + }, + { + "name": "DSA-3592", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3592" + }, + { + "name": "RHSA-2016:1425", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1425" + }, + { + "name": "90967", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/90967" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4848.json b/2016/4xxx/CVE-2016-4848.json index d2f89452f18..d407af9dfe8 100644 --- a/2016/4xxx/CVE-2016-4848.json +++ b/2016/4xxx/CVE-2016-4848.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4848", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in ClipBucket before 2.8.1 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2016-4848", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/arslancb/clipbucket/commit/ff5e37d3e1098a7ce2b9fe60389b14514932dd93", - "refsource" : "CONFIRM", - "url" : "https://github.com/arslancb/clipbucket/commit/ff5e37d3e1098a7ce2b9fe60389b14514932dd93" - }, - { - "name" : "JVN#28386124", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN28386124/index.html" - }, - { - "name" : "JVNDB-2016-000140", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000140" - }, - { - "name" : "92537", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92537" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) 
vulnerability in ClipBucket before 2.8.1 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2016-000140", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000140" + }, + { + "name": "https://github.com/arslancb/clipbucket/commit/ff5e37d3e1098a7ce2b9fe60389b14514932dd93", + "refsource": "CONFIRM", + "url": "https://github.com/arslancb/clipbucket/commit/ff5e37d3e1098a7ce2b9fe60389b14514932dd93" + }, + { + "name": "JVN#28386124", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN28386124/index.html" + }, + { + "name": "92537", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92537" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4869.json b/2016/4xxx/CVE-2016-4869.json index adab072b850..efd3a660806 100644 --- a/2016/4xxx/CVE-2016-4869.json +++ b/2016/4xxx/CVE-2016-4869.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4869", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2016-4869", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.cybozu.com/ja-jp/article/9428", - "refsource" : "CONFIRM", - "url" : "https://support.cybozu.com/ja-jp/article/9428" - }, - { - "name" : "JVN#09736331", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN09736331/index.html" - }, - { - "name" : "JVNDB-2016-000191", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000191.html" - }, - { - "name" : "97715", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97715" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment 
variables are displayed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97715", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97715" + }, + { + "name": "JVNDB-2016-000191", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000191.html" + }, + { + "name": "JVN#09736331", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN09736331/index.html" + }, + { + "name": "https://support.cybozu.com/ja-jp/article/9428", + "refsource": "CONFIRM", + "url": "https://support.cybozu.com/ja-jp/article/9428" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8058.json b/2016/8xxx/CVE-2016-8058.json index 4730c384297..e7eaad1e8d5 100644 --- a/2016/8xxx/CVE-2016-8058.json +++ b/2016/8xxx/CVE-2016-8058.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8058", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-8058", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file 
diff --git a/2016/8xxx/CVE-2016-8100.json b/2016/8xxx/CVE-2016-8100.json index 19dfd166560..79764193eb4 100644 --- a/2016/8xxx/CVE-2016-8100.json +++ b/2016/8xxx/CVE-2016-8100.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "ID" : "CVE-2016-8100", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Intel Integrated Performance Primitives (aka IPP) Cryptography before 9.0.4 makes it easier for local users to discover RSA private keys via a side-channel attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "ID": "CVE-2016-8100", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00060&languageid=en-fr", - "refsource" : "CONFIRM", - "url" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00060&languageid=en-fr" - }, - { - "name" : "93484", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93484" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Intel Integrated Performance Primitives (aka IPP) Cryptography before 9.0.4 makes it easier for local users to discover RSA private keys via a side-channel attack." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93484", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93484" + }, + { + "name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00060&languageid=en-fr", + "refsource": "CONFIRM", + "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00060&languageid=en-fr" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8246.json b/2016/8xxx/CVE-2016-8246.json index 00f9df9c08d..c3eafe16f00 100644 --- a/2016/8xxx/CVE-2016-8246.json +++ b/2016/8xxx/CVE-2016-8246.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8246", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-8246", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9242.json b/2016/9xxx/CVE-2016-9242.json index 494ef5c5027..e7c8db99926 100644 --- a/2016/9xxx/CVE-2016-9242.json +++ b/2016/9xxx/CVE-2016-9242.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9242", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in the update method in framework/modules/core/controllers/expRatingController.php in Exponent CMS 2.4.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) content_type or (2) subtype parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9242", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/exponentcms/exponent-cms/commit/6172f67620ac13fc2f4e9d650c61937d48e9ecb9", - "refsource" : "CONFIRM", - "url" : "https://github.com/exponentcms/exponent-cms/commit/6172f67620ac13fc2f4e9d650c61937d48e9ecb9" - }, - { - "name" : "94194", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94194" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in the update method in framework/modules/core/controllers/expRatingController.php in Exponent CMS 2.4.0 allow remote 
authenticated users to execute arbitrary SQL commands via the (1) content_type or (2) subtype parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94194", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94194" + }, + { + "name": "https://github.com/exponentcms/exponent-cms/commit/6172f67620ac13fc2f4e9d650c61937d48e9ecb9", + "refsource": "CONFIRM", + "url": "https://github.com/exponentcms/exponent-cms/commit/6172f67620ac13fc2f4e9d650c61937d48e9ecb9" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9546.json b/2016/9xxx/CVE-2016-9546.json index 2aed5b6c484..5947e2c315c 100644 --- a/2016/9xxx/CVE-2016-9546.json +++ b/2016/9xxx/CVE-2016-9546.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9546", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9546", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2019/2xxx/CVE-2019-2028.json b/2019/2xxx/CVE-2019-2028.json index ca71cfac664..76d5b086208 100644 --- a/2019/2xxx/CVE-2019-2028.json +++ b/2019/2xxx/CVE-2019-2028.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2028", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2028", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2502.json b/2019/2xxx/CVE-2019-2502.json index 487e95c11f3..343cd4f143d 100644 --- a/2019/2xxx/CVE-2019-2502.json +++ b/2019/2xxx/CVE-2019-2502.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2019-2502", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.0.13 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2019-2502", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.0.13 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20190118-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20190118-0002/" - }, - { - "name" : "106625", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106625" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106625", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106625" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20190118-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20190118-0002/" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2549.json b/2019/2xxx/CVE-2019-2549.json index 38fae88d4b3..845edb3d24a 100644 --- a/2019/2xxx/CVE-2019-2549.json +++ b/2019/2xxx/CVE-2019-2549.json 
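Review bot: The `version_data` entry for MySQL Server pairs `"version_affected": "="` with the free-text `"version_value": "8.0.13 and prior"`, so a consumer that matches these fields literally would be comparing against a string no installation reports, while the description says 8.0.13 and earlier are affected. The rewrite carries that entry over unchanged; putting the range in the operator, `"version_affected": "<="` with `"version_value": "8.0.13"`, would make the machine-readable block agree with the description. Until the record is corrected, tooling that decides exposure for this CVE should take the affected range from the description text rather than from `affects`.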
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2019-2549", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FLEXCUBE Direct Banking", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "12.0.2" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Applications (subcomponent: Logoff Page). The supported version that is affected is 12.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Direct Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Direct Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Direct Banking accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Direct Banking, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Direct Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Direct Banking accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2019-2549", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Direct Banking", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.2" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "106613", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106613" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Applications (subcomponent: Logoff Page). The supported version that is affected is 12.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Direct Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Direct Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Direct Banking accessible data. 
CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Direct Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Direct Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Direct Banking accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106613", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106613" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2592.json b/2019/2xxx/CVE-2019-2592.json index de3c224d7e4..645bcfcdf64 100644 --- a/2019/2xxx/CVE-2019-2592.json +++ b/2019/2xxx/CVE-2019-2592.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2592", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2592", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2849.json b/2019/2xxx/CVE-2019-2849.json index ee95d01b829..31700703e52 100644 --- a/2019/2xxx/CVE-2019-2849.json +++ b/2019/2xxx/CVE-2019-2849.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2849", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2849", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3720.json b/2019/3xxx/CVE-2019-3720.json index de4cc393ba7..9df0418ece5 100644 --- a/2019/3xxx/CVE-2019-3720.json +++ b/2019/3xxx/CVE-2019-3720.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3720", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3720", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3803.json b/2019/3xxx/CVE-2019-3803.json index 9be2a864309..53e2831179e 100644 --- a/2019/3xxx/CVE-2019-3803.json +++ b/2019/3xxx/CVE-2019-3803.json 
@@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@dell.com", - "DATE_PUBLIC" : "2019-01-10T00:00:00.000Z", - "ID" : "CVE-2019-3803", - "STATE" : "PUBLIC", - "TITLE" : "Concourse includes token in CLI authentication callback" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Concourse", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_name" : "all versions", - "version_value" : "4.2.2" - } - ] - } - } - ] - }, - "vendor_name" : "Pivotal" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Pivotal Concourse, all versions prior to 4.2.2, puts the user access token in a url during the login flow. A remote attacker who gains access to a user's browser history could obtain the access token and use it to authenticate as the user." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "HIGH", - "attackVector" : "LOCAL", - "availabilityImpact" : "LOW", - "baseScore" : 4.5, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "LOW", - "integrityImpact" : "LOW", - "privilegesRequired" : "NONE", - "scope" : "UNCHANGED", - "userInteraction" : "REQUIRED", - "vectorString" : "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-200: Information Exposure" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "DATE_PUBLIC": "2019-01-10T00:00:00.000Z", + "ID": "CVE-2019-3803", + "STATE": "PUBLIC", + "TITLE": "Concourse includes token in CLI authentication callback" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Concourse", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "all versions", + "version_value": 
"4.2.2" + } + ] + } + } + ] + }, + "vendor_name": "Pivotal" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://pivotal.io/security/cve-2019-3803", - "refsource" : "CONFIRM", - "url" : "https://pivotal.io/security/cve-2019-3803" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Pivotal Concourse, all versions prior to 4.2.2, puts the user access token in a url during the login flow. A remote attacker who gains access to a user's browser history could obtain the access token and use it to authenticate as the user." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 4.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200: Information Exposure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://pivotal.io/security/cve-2019-3803", + "refsource": "CONFIRM", + "url": "https://pivotal.io/security/cve-2019-3803" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3910.json b/2019/3xxx/CVE-2019-3910.json index 2bf864f5ace..f0070a13ec3 100644 --- a/2019/3xxx/CVE-2019-3910.json +++ b/2019/3xxx/CVE-2019-3910.json 
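Review bot: The `ASSIGNER` field of CVE-2019-3803 silently changes from `secure@dell.com` to `security_alert@emc.com` in a hunk that otherwise differs only in indentation and the spacing before colons, as do the other hunks visible on this page. A data change buried in a formatting-only rewrite is easy to miss in review, and tooling that attributes a record to its CNA by this field will see the record change owner. Which address is canonical cannot be told from the diff. If the change is unintended, the new side should keep `"ASSIGNER": "secure@dell.com",`; if it is intended, it should go in a separate commit that states the reason.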
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vulnreport@tenable.com", - "ID" : "CVE-2019-3910", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Crestron AM-100 Before 1.6.0.2", - "version" : { - "version_data" : [ - { - "version_value" : "Crestron AM-100 Before 1.6.0.2" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Authentication Bypass" - } + "CVE_data_meta": { + "ASSIGNER": "vulnreport@tenable.com", + "ID": "CVE-2019-3910", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Crestron AM-100 Before 1.6.0.2", + "version": { + "version_data": [ + { + "version_value": "Crestron AM-100 Before 1.6.0.2" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.tenable.com/security/research/tra-2019-02", - "refsource" : "MISC", - "url" : "https://www.tenable.com/security/research/tra-2019-02" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. 
Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Authentication Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.tenable.com/security/research/tra-2019-02", + "refsource": "MISC", + "url": "https://www.tenable.com/security/research/tra-2019-02" + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6288.json b/2019/6xxx/CVE-2019-6288.json index 8a8a9823576..2f044597e85 100644 --- a/2019/6xxx/CVE-2019-6288.json +++ b/2019/6xxx/CVE-2019-6288.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6288", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6288", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6510.json b/2019/6xxx/CVE-2019-6510.json index 8bb0a6b85d8..574c7e19dfa 100644 --- a/2019/6xxx/CVE-2019-6510.json +++ b/2019/6xxx/CVE-2019-6510.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6510", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in creditease-sec insight through 2018-09-11. user_delete in srcpm/app/admin/views.py allows CSRF." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6510", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/creditease-sec/insight/issues/42", - "refsource" : "MISC", - "url" : "https://github.com/creditease-sec/insight/issues/42" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in creditease-sec insight through 2018-09-11. user_delete in srcpm/app/admin/views.py allows CSRF." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/creditease-sec/insight/issues/42", + "refsource": "MISC", + "url": "https://github.com/creditease-sec/insight/issues/42" + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6669.json b/2019/6xxx/CVE-2019-6669.json index 7e22e8862ba..8a96729e475 100644 --- a/2019/6xxx/CVE-2019-6669.json +++ b/2019/6xxx/CVE-2019-6669.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6669", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6669", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6803.json b/2019/6xxx/CVE-2019-6803.json index e35a869d483..080d1a40347 100644 --- a/2019/6xxx/CVE-2019-6803.json +++ b/2019/6xxx/CVE-2019-6803.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6803", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "typora through 0.9.9.20.3 beta has XSS, with resultant remote command execution, via the left outline bar." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6803", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/typora/typora-issues/issues/2124", - "refsource" : "MISC", - "url" : "https://github.com/typora/typora-issues/issues/2124" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "typora through 0.9.9.20.3 beta has XSS, with resultant remote command execution, via the left outline bar." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/typora/typora-issues/issues/2124", + "refsource": "MISC", + "url": "https://github.com/typora/typora-issues/issues/2124" + } + ] + } +} \ No newline at end of file 
diff --git a/2019/6xxx/CVE-2019-6942.json b/2019/6xxx/CVE-2019-6942.json index 7dd32700dfb..d2153948e42 100644 --- a/2019/6xxx/CVE-2019-6942.json +++ b/2019/6xxx/CVE-2019-6942.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6942", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6942", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7084.json b/2019/7xxx/CVE-2019-7084.json index f5160299c68..016e395519f 100644 --- a/2019/7xxx/CVE-2019-7084.json +++ b/2019/7xxx/CVE-2019-7084.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7084", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7084", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7686.json b/2019/7xxx/CVE-2019-7686.json index 6bcebc78986..1ab75ed6469 100644 --- a/2019/7xxx/CVE-2019-7686.json +++ b/2019/7xxx/CVE-2019-7686.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7686", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7686", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7731.json b/2019/7xxx/CVE-2019-7731.json index 1004391817f..3aba5f80c6d 100644 --- a/2019/7xxx/CVE-2019-7731.json +++ b/2019/7xxx/CVE-2019-7731.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7731", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MyWebSQL 3.7 has a remote code execution (RCE) vulnerability after an attacker writes shell code into the database, and executes the Backup Database function with a .php filename for the backup's archive file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7731", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/eddietcc/CVEnotes/blob/master/MyWebSQL/RCE/readme.md", - "refsource" : "MISC", - "url" : "https://github.com/eddietcc/CVEnotes/blob/master/MyWebSQL/RCE/readme.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MyWebSQL 3.7 has a remote code execution (RCE) vulnerability after an attacker writes shell code into the database, and executes the Backup Database function with a .php filename for the backup's archive file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/eddietcc/CVEnotes/blob/master/MyWebSQL/RCE/readme.md", + "refsource": "MISC", + "url": "https://github.com/eddietcc/CVEnotes/blob/master/MyWebSQL/RCE/readme.md" + } + ] + } +} \ No newline at end of file