diff --git a/2007/0xxx/CVE-2007-0149.json b/2007/0xxx/CVE-2007-0149.json index 848cb83a007..974d5eb3de4 100644 --- a/2007/0xxx/CVE-2007-0149.json +++ b/2007/0xxx/CVE-2007-0149.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0149", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EMembersPro 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for users.mdb." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0149", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070107 EMembersPro 1.0 Remote Password Disclosure Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/456228/100/0/threaded" - }, - { - "name" : "33403", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/33403" - }, - { - "name" : "2118", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2118" - }, - { - "name" : "ememberspro-users-info-disclosure(31329)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31329" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EMembersPro 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for users.mdb." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2118", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2118" + }, + { + "name": "20070107 EMembersPro 1.0 Remote Password Disclosure Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/456228/100/0/threaded" + }, + { + "name": "33403", + "refsource": "OSVDB", + "url": "http://osvdb.org/33403" + }, + { + "name": "ememberspro-users-info-disclosure(31329)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31329" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0167.json b/2007/0xxx/CVE-2007-0167.json index cc286034a8a..cf703005ea4 100644 --- a/2007/0xxx/CVE-2007-0167.json +++ b/2007/0xxx/CVE-2007-0167.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0167", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP file inclusion vulnerabilities in WGS-PPC (aka PPC Search Engine), as distributed with other aliases, allow remote attackers to execute arbitrary PHP code via a URL in the INC parameter in (1) config_admin.php, (2) config_main.php, (3) config_member.php, and (4) mysql_config.php in config/; (5) admin.php and (6) index.php in admini/; (7) paypalipn/ipnprocess.php; (8) index.php and (9) registration.php in members/; and (10) ppcbannerclick.php and (11) ppcclick.php in main/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0167", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070109 ppc engine Multiple file inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/456386/100/0/threaded" - }, - { - "name" : "3104", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3104" - }, - { - "name" : "20070109 \"ppc engine\" is WGS-PPC", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2007-January/001221.html" - }, - { - "name" : "21961", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21961" - }, - { - "name" : "33444", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/33444" - }, - { - "name" : "33445", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/33445" - }, - { - "name" : "33446", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/33446" - }, - { - "name" : "33447", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/33447" - }, - { - "name" : "33448", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/33448" - }, - { - "name" : "33449", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/33449" - }, - { - "name" : "33450", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/33450" - }, - { - "name" : "33451", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/33451" - }, - { - "name" : "33452", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/33452" - }, - { - "name" : "33453", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/33453" - }, - { - "name" : "33454", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/33454" - }, - { - "name" : "2134", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2134" - }, - { - "name" : "demoppc-inc-file-include(31355)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31355" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP file inclusion vulnerabilities in WGS-PPC (aka PPC Search Engine), as distributed with other aliases, allow remote attackers to execute arbitrary PHP code via a URL in the INC parameter in (1) config_admin.php, (2) config_main.php, (3) config_member.php, and (4) mysql_config.php in config/; (5) admin.php and (6) index.php in admini/; (7) paypalipn/ipnprocess.php; (8) index.php and (9) registration.php in members/; and (10) ppcbannerclick.php and (11) ppcclick.php in main/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3104", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3104" + }, + { + "name": "33449", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/33449" + }, + { + "name": "33445", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/33445" + }, + { + "name": "2134", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2134" + }, + { + "name": "33447", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/33447" + }, + { + "name": "33454", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/33454" + }, + { + "name": "21961", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21961" + }, + { + "name": "20070109 ppc engine Multiple file inclusion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/456386/100/0/threaded" + }, + { + "name": "20070109 \"ppc engine\" is WGS-PPC", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2007-January/001221.html" + }, + { + "name": "33450", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/33450" + }, + { + "name": "33444", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/33444" + }, + { + "name": "33448", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/33448" + }, + { + "name": "demoppc-inc-file-include(31355)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31355" + }, + { + "name": "33451", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/33451" + }, + { + "name": "33452", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/33452" + }, + { + "name": "33446", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/33446" + }, + { + "name": "33453", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/33453" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0280.json b/2007/0xxx/CVE-2007-0280.json index 53ceb5e09af..73f6390055e 100644 --- a/2007/0xxx/CVE-2007-0280.json +++ b/2007/0xxx/CVE-2007-0280.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0280", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.2, and 10.1.2.2; and Collaboration Suite 9.0.4.2 and 10.1.2; has unknown impact and attack vectors related to the Oracle Process Mgmt & Notification component, aka OPMN01. NOTE: as of 20070123, Oracle has not disputed claims by a reliable researcher that OPMN01 is for a buffer overflow in Oracle Notification Service (ONS)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0280", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.red-database-security.com/advisory/oracle_buffer_overflow_ons.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/oracle_buffer_overflow_ons.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html" - }, - { - "name" : "TA07-017A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-017A.html" - }, - { - "name" : "22083", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22083" - }, - { - "name" : "32905", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/32905" - }, - { - "name" : "1017522", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017522" - }, - { - "name" : "23794", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23794" - }, - { - "name" : "oracle-cpu-jan2007(31541)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31541" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.2, and 10.1.2.2; and Collaboration Suite 9.0.4.2 and 10.1.2; has unknown impact and attack vectors related to the Oracle Process Mgmt & Notification component, aka OPMN01. NOTE: as of 20070123, Oracle has not disputed claims by a reliable researcher that OPMN01 is for a buffer overflow in Oracle Notification Service (ONS)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23794", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23794" + }, + { + "name": "32905", + "refsource": "OSVDB", + "url": "http://osvdb.org/32905" + }, + { + "name": "22083", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22083" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html" + }, + { + "name": "TA07-017A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-017A.html" + }, + { + "name": "oracle-cpu-jan2007(31541)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31541" + }, + { + "name": "1017522", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017522" + }, + { + "name": "http://www.red-database-security.com/advisory/oracle_buffer_overflow_ons.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/oracle_buffer_overflow_ons.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0422.json b/2007/0xxx/CVE-2007-0422.json index 7f1574cc744..20ea39516e7 100644 --- a/2007/0xxx/CVE-2007-0422.json +++ b/2007/0xxx/CVE-2007-0422.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0422", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BEA WebLogic Server 9.0, 9.1, and 9.2 Gold, when running on Solaris 9, allows remote attackers to cause a denial of service (server inaccessibility) via manipulated socket connections." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0422", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "BEA07-150.00", - "refsource" : "BEA", - "url" : "http://dev2dev.bea.com/pub/advisory/217" - }, - { - "name" : "22082", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22082" - }, - { - "name" : "ADV-2007-0213", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0213" - }, - { - "name" : "32858", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/32858" - }, - { - "name" : "1017525", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017525" - }, - { - "name" : "23750", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23750" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BEA WebLogic Server 9.0, 9.1, and 9.2 Gold, when running on Solaris 9, allows remote attackers to cause a denial of service (server inaccessibility) via manipulated socket connections." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32858", + "refsource": "OSVDB", + "url": "http://osvdb.org/32858" + }, + { + "name": "1017525", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017525" + }, + { + "name": "23750", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23750" + }, + { + "name": "22082", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22082" + }, + { + "name": "ADV-2007-0213", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0213" + }, + { + "name": "BEA07-150.00", + "refsource": "BEA", + "url": "http://dev2dev.bea.com/pub/advisory/217" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0950.json b/2007/0xxx/CVE-2007-0950.json index 99570eab694..6a24d001646 100644 --- a/2007/0xxx/CVE-2007-0950.json +++ b/2007/0xxx/CVE-2007-0950.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0950", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in listmain.asp in Fullaspsite ASP Hosting Site allows remote attackers to inject arbitrary web script or HTML via the cat parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0950", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070213 Fullaspsite Shop (tr) Xss & SqL İnj. VulnZ.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/459979/100/0/threaded" - }, - { - "name" : "22545", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22545" - }, - { - "name" : "33720", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/33720" - }, - { - "name" : "2250", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2250" - }, - { - "name" : "fullaspsite-listmain-xss(32469)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32469" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in listmain.asp in Fullaspsite ASP Hosting Site allows remote attackers to inject arbitrary web script or HTML via the cat parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070213 Fullaspsite Shop (tr) Xss & SqL İnj. VulnZ.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/459979/100/0/threaded" + }, + { + "name": "33720", + "refsource": "OSVDB", + "url": "http://osvdb.org/33720" + }, + { + "name": "22545", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22545" + }, + { + "name": "2250", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2250" + }, + { + "name": "fullaspsite-listmain-xss(32469)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32469" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3092.json b/2007/3xxx/CVE-2007-3092.json index a772c07d738..45b0a830110 100644 --- a/2007/3xxx/CVE-2007-3092.json +++ b/2007/3xxx/CVE-2007-3092.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3092", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 allows remote attackers to spoof the URL bar, and page properties including SSL certificates, by interrupting page loading through certain use of location DOM objects and setTimeout calls. NOTE: this issue can be leveraged for phishing and other attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3092", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070604 Assorted browser vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/470446/100/0/threaded" - }, - { - "name" : "20070604 Assorted browser vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0026.html" - }, - { - "name" : "http://lcamtuf.coredump.cx/ietrap2/", - "refsource" : "MISC", - "url" : "http://lcamtuf.coredump.cx/ietrap2/" - }, - { - "name" : "24298", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24298" - }, - { - "name" : "45437", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/45437" - }, - { - "name" : "1018193", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1018193" - }, - { - "name" : "25564", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25564" - }, - { - "name" : "2781", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2781" - }, - { - "name" : "ie-location-url-spoofing(34705)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34705" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 allows remote attackers to spoof the URL bar, and page properties including SSL certificates, by interrupting page loading through certain use of location DOM objects and setTimeout calls. NOTE: this issue can be leveraged for phishing and other attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45437", + "refsource": "OSVDB", + "url": "http://osvdb.org/45437" + }, + { + "name": "1018193", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1018193" + }, + { + "name": "25564", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25564" + }, + { + "name": "20070604 Assorted browser vulnerabilities", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0026.html" + }, + { + "name": "20070604 Assorted browser vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/470446/100/0/threaded" + }, + { + "name": "http://lcamtuf.coredump.cx/ietrap2/", + "refsource": "MISC", + "url": "http://lcamtuf.coredump.cx/ietrap2/" + }, + { + "name": "2781", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2781" + }, + { + "name": "ie-location-url-spoofing(34705)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34705" + }, + { + "name": "24298", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24298" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3334.json b/2007/3xxx/CVE-2007-3334.json index c8efb51be9a..adc4ce1d67a 100644 --- a/2007/3xxx/CVE-2007-3334.json +++ b/2007/3xxx/CVE-2007-3334.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3334", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple heap-based buffer overflows in the (1) Communications Server (iigcc.exe) and (2) Data Access Server (iigcd.exe) components for Ingres Database Server 3.0.3, as used in CA (Computer Associates) products including eTrust Secure Content Manager r8 on Windows, allow remote attackers to execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3334", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070621 Ingres Database Multiple Heap Corruption Vulnerabilities", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=546" - }, - { - "name" : "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp", - "refsource" : "CONFIRM", - "url" : "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp" - }, - { - "name" : "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778", - "refsource" : "CONFIRM", - "url" : "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778" - }, - { - "name" : "24585", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24585" - }, - { - "name" : "37487", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37487" - }, - { - "name" : "37488", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37488" - }, - { - "name" : "ADV-2007-2288", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2288" - }, - { - "name" : "ADV-2007-2290", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2290" - }, - { - "name" : "1018278", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018278" - }, - { - "name" : "25775", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25775" - }, - { - "name" : "25756", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25756" - }, - { - "name" : "ingres-communications-server-bo(34991)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34991" - }, - { - "name" : "ingres-wakeup-privilege-escalation(35002)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35002" - }, - { - "name" : "ingres-data-access-server-bo(34992)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34992" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple heap-based buffer overflows in the (1) Communications Server (iigcc.exe) and (2) Data Access Server (iigcd.exe) components for Ingres Database Server 3.0.3, as used in CA (Computer Associates) products including eTrust Secure Content Manager r8 on Windows, allow remote attackers to execute arbitrary code via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-2288", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2288" + }, + { + "name": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778", + "refsource": "CONFIRM", + "url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778" + }, + { + "name": "20070621 Ingres Database Multiple Heap Corruption Vulnerabilities", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=546" + }, + { + "name": "ingres-wakeup-privilege-escalation(35002)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35002" + }, + { + "name": "25756", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25756" + }, + { + "name": "25775", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25775" + }, + { + "name": "37488", + "refsource": "OSVDB", + "url": "http://osvdb.org/37488" + }, + { + "name": "ADV-2007-2290", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2290" + }, + { + "name": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp", + "refsource": "CONFIRM", + "url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp" + }, + { + "name": "ingres-communications-server-bo(34991)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34991" + }, + { + "name": "37487", + "refsource": "OSVDB", + "url": "http://osvdb.org/37487" + }, + { + "name": "1018278", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018278" + }, + { + "name": "ingres-data-access-server-bo(34992)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34992" + }, + { + "name": "24585", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24585" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3574.json b/2007/3xxx/CVE-2007-3574.json index c61f04820bf..024aeff96e2 100644 --- a/2007/3xxx/CVE-2007-3574.json +++ b/2007/3xxx/CVE-2007-3574.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3574", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in setup.cgi on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.00.06 firmware allow remote attackers to inject arbitrary web script or HTML via the (1) c4_trap_ip_, (2) devname, (3) snmp_getcomm, or (4) snmp_setcomm parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3574", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080301 The Router Hacking Challenge is Over!", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489009/100/0/threaded" - }, - { - "name" : "http://www.securityfocus.com/data/vulnerabilities/exploits/24682.html", - "refsource" : "MISC", - "url" : "http://www.securityfocus.com/data/vulnerabilities/exploits/24682.html" - }, - { - "name" : "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/", - "refsource" : "MISC", - "url" : "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/" - }, - { - "name" : "http://www.gnucitizen.org/projects/router-hacking-challenge/", - "refsource" : "MISC", - "url" : "http://www.gnucitizen.org/projects/router-hacking-challenge/" - }, - { - "name" : "24682", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24682" - }, - { - "name" : "40877", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/40877" - }, - { - "name" : "40878", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/40878" - }, - { - "name" : "27738", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27738/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in setup.cgi on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.00.06 firmware allow remote attackers to inject arbitrary web script or HTML via the (1) c4_trap_ip_, (2) devname, (3) snmp_getcomm, or (4) snmp_setcomm parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080301 The Router Hacking Challenge is Over!", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded" + }, + { + "name": "http://www.gnucitizen.org/projects/router-hacking-challenge/", + "refsource": "MISC", + "url": "http://www.gnucitizen.org/projects/router-hacking-challenge/" + }, + { + "name": "27738", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27738/" + }, + { + "name": "http://www.securityfocus.com/data/vulnerabilities/exploits/24682.html", + "refsource": "MISC", + "url": "http://www.securityfocus.com/data/vulnerabilities/exploits/24682.html" + }, + { + "name": "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/", + "refsource": "MISC", + "url": "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/" + }, + { + "name": "24682", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24682" + }, + { + "name": "40878", + "refsource": "OSVDB", + "url": "http://osvdb.org/40878" + }, + { + "name": "40877", + "refsource": "OSVDB", + "url": "http://osvdb.org/40877" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4404.json b/2007/4xxx/CVE-2007-4404.json index 944f498eeee..6d9d9ff237f 100644 --- a/2007/4xxx/CVE-2007-4404.json +++ b/2007/4xxx/CVE-2007-4404.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4404", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ircu 2.10.12.01 allows remote attackers to (1) cause a denial of service (flood wallops) by joining two channels with certain long names that differ in the final character, which triggers a protocol violation and (2) cause a denial of service (daemon crash) via a \"J 0:#channel\" message on a channel without an apass; and (3) allows remote authenticated operators to cause a denial of service (daemon crash) via a remote \"names -D\" command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4404", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070812 Multiple vulnerabilities in ircu", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/476285/100/0/threaded" - }, - { - "name" : "25285", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25285" - }, - { - "name" : "46710", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/46710" - }, - { - "name" : "46711", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/46711" - }, - { - "name" : "46712", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/46712" - }, - { - "name" : "3031", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3031" - }, - { - "name" : "ircu-channelname-dos(35986)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35986" - }, - { - "name" : "ircu-joinapass-dos(35987)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35987" - }, - { - "name" : "ircu-remotenames-dos(35984)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35984" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ircu 2.10.12.01 allows remote attackers to (1) cause a denial of service (flood wallops) by joining two channels with certain long names that differ in the final character, which triggers a protocol violation and (2) cause a denial of service (daemon crash) via a \"J 0:#channel\" message on a channel without an apass; and (3) allows remote authenticated operators to cause a denial of service (daemon crash) via a remote \"names -D\" command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "46710", + "refsource": "OSVDB", + "url": "http://osvdb.org/46710" + }, + { + "name": "3031", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3031" + }, + { + "name": "20070812 Multiple vulnerabilities in ircu", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/476285/100/0/threaded" + }, + { + "name": "ircu-remotenames-dos(35984)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35984" + }, + { + "name": "ircu-joinapass-dos(35987)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35987" + }, + { + "name": "ircu-channelname-dos(35986)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35986" + }, + { + "name": "46711", + "refsource": "OSVDB", + "url": "http://osvdb.org/46711" + }, + { + "name": "46712", + "refsource": "OSVDB", + "url": "http://osvdb.org/46712" + }, + { + "name": "25285", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25285" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4405.json b/2007/4xxx/CVE-2007-4405.json index 8762915e59d..3a869ff73ba 100644 --- a/2007/4xxx/CVE-2007-4405.json +++ b/2007/4xxx/CVE-2007-4405.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4405", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ircu 2.10.12.02 through 2.10.12.04 allows remote attackers to cause a denial of service (memory and bandwidth consumption) by creating a large number of unused channels (zannels)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4405", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070812 Multiple vulnerabilities in ircu", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/476285/100/0/threaded" - }, - { - "name" : "25285", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25285" - }, - { - "name" : "46718", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/46718" - }, - { - "name" : "3031", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3031" - }, - { - "name" : "ircu-zannel-dos(35988)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35988" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ircu 2.10.12.02 through 2.10.12.04 allows remote attackers to cause a denial of service (memory and bandwidth consumption) by creating a large number of unused channels (zannels)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3031", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3031" + }, + { + "name": "ircu-zannel-dos(35988)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35988" + }, + { + "name": "20070812 Multiple vulnerabilities in ircu", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/476285/100/0/threaded" + }, + { + "name": "46718", + "refsource": "OSVDB", + "url": "http://osvdb.org/46718" + }, + { + "name": "25285", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25285" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4441.json b/2007/4xxx/CVE-2007-4441.json index 77b684c854a..1d1c42bc61f 100644 --- a/2007/4xxx/CVE-2007-4441.json +++ b/2007/4xxx/CVE-2007-4441.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4441", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in php_win32std.dll in the win32std extension for PHP 5.2.0 and earlier allows context-dependent attackers to execute arbitrary code via a long string in the filename argument to the win_browse_file function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4441", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4293", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4293" - }, - { - "name" : "25414", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25414" - }, - { - "name" : "php-phpwin32sti-bo(36118)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36118" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in php_win32std.dll in the win32std extension for PHP 5.2.0 and earlier allows context-dependent attackers to execute arbitrary code via a long string in the filename argument to the win_browse_file function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "php-phpwin32sti-bo(36118)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36118" + }, + { + "name": "4293", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4293" + }, + { + "name": "25414", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25414" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4747.json b/2007/4xxx/CVE-2007-4747.json index 251062159e6..e18611ce5dc 100644 --- a/2007/4xxx/CVE-2007-4747.json +++ b/2007/4xxx/CVE-2007-4747.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4747", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The telnet service in Cisco Video Surveillance IP Gateway Encoder/Decoder (Standalone and Module) firmware 1.8.1 and earlier, Video Surveillance SP/ISP Decoder Software firmware 1.11.0 and earlier, and the Video Surveillance SP/ISP firmware 1.23.7 and earlier does not require authentication, which allows remote attackers to perform administrative actions, aka CSCsj31729." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4747", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070905 Cisco Video Surveillance IP Gateway and Services Platform Authentication Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a00808b4d38.shtml" - }, - { - "name" : "25549", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25549" - }, - { - "name" : "ADV-2007-3061", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3061" - }, - { - "name" : "37503", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37503" - }, - { - "name" : "1018655", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018655" - }, - { - "name" : "26721", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26721" - }, - { - "name" : "cisco-videosurv-telnet-privilege-escalation(36449)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36449" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The telnet service in Cisco Video Surveillance IP Gateway Encoder/Decoder (Standalone and Module) firmware 1.8.1 and earlier, Video Surveillance SP/ISP Decoder Software firmware 1.11.0 and earlier, and the Video Surveillance SP/ISP firmware 1.23.7 and earlier does not require authentication, which allows remote attackers to perform administrative actions, aka CSCsj31729." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070905 Cisco Video Surveillance IP Gateway and Services Platform Authentication Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808b4d38.shtml" + }, + { + "name": "37503", + "refsource": "OSVDB", + "url": "http://osvdb.org/37503" + }, + { + "name": "25549", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25549" + }, + { + "name": "cisco-videosurv-telnet-privilege-escalation(36449)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36449" + }, + { + "name": "ADV-2007-3061", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3061" + }, + { + "name": "1018655", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018655" + }, + { + "name": "26721", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26721" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6274.json b/2007/6xxx/CVE-2007-6274.json index 537ee114f5d..0df84f462e6 100644 --- a/2007/6xxx/CVE-2007-6274.json +++ b/2007/6xxx/CVE-2007-6274.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6274", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in modules/ecal/display.php in the Event Calendar in bcoos 1.0.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) day or (2) year parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6274", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lostmon.blogspot.com/2007/11/bcoops-sql-injection-and-cross-site.html", - "refsource" : "MISC", - "url" : "http://lostmon.blogspot.com/2007/11/bcoops-sql-injection-and-cross-site.html" - }, - { - "name" : "26629", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26629" - }, - { - "name" : "26945", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26945" - }, - { - "name" : "bcoos-display-xss(38734)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38734" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in modules/ecal/display.php in the Event Calendar in bcoos 1.0.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) day or (2) year parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26629", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26629" + }, + { + "name": "26945", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26945" + }, + { + "name": "bcoos-display-xss(38734)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38734" + }, + { + "name": "http://lostmon.blogspot.com/2007/11/bcoops-sql-injection-and-cross-site.html", + "refsource": "MISC", + "url": "http://lostmon.blogspot.com/2007/11/bcoops-sql-injection-and-cross-site.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6566.json b/2007/6xxx/CVE-2007-6566.json index e62e0c53e8d..d43016c1107 100644 --- a/2007/6xxx/CVE-2007-6566.json +++ b/2007/6xxx/CVE-2007-6566.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6566", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in post.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to execute arbitrary SQL commands via the subcatid parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6566", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071227 XZero Community Classifieds <= v4.95.11 LFI & SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485545/100/0/threaded" - }, - { - "name" : "4794", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4794" - }, - { - "name" : "http://en.rstzone.org/xzero-community-classifieds-v4-95-11-lfi-sql-in-t9394.rst", - "refsource" : "MISC", - "url" : "http://en.rstzone.org/xzero-community-classifieds-v4-95-11-lfi-sql-in-t9394.rst" - }, - { - "name" : "27042", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27042" - }, - { - "name" : "39740", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39740" - }, - { - "name" : "28250", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28250" - }, - { - "name" : "xzero-index-post-sql-injection(39259)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39259" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in post.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to execute arbitrary SQL commands via the subcatid parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "xzero-index-post-sql-injection(39259)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39259" + }, + { + "name": "http://en.rstzone.org/xzero-community-classifieds-v4-95-11-lfi-sql-in-t9394.rst", + "refsource": "MISC", + "url": "http://en.rstzone.org/xzero-community-classifieds-v4-95-11-lfi-sql-in-t9394.rst" + }, + { + "name": "20071227 XZero Community Classifieds <= v4.95.11 LFI & SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485545/100/0/threaded" + }, + { + "name": "39740", + "refsource": "OSVDB", + "url": "http://osvdb.org/39740" + }, + { + "name": "28250", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28250" + }, + { + "name": "4794", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4794" + }, + { + "name": "27042", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27042" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5314.json b/2010/5xxx/CVE-2010-5314.json index ef1d8b1297f..9746e773f5d 100644 --- a/2010/5xxx/CVE-2010-5314.json +++ b/2010/5xxx/CVE-2010-5314.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5314", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in controllers/home_controller.php in BEdita before 3.1 allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter to news/index." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5314", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.htbridge.com/advisory/HTB22723", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB22723" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in controllers/home_controller.php in BEdita before 3.1 allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter to news/index." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.htbridge.com/advisory/HTB22723", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB22723" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1601.json b/2014/1xxx/CVE-2014-1601.json index 9a5d713e711..31a6197268f 100644 --- a/2014/1xxx/CVE-2014-1601.json +++ b/2014/1xxx/CVE-2014-1601.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1601", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1601", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5223.json b/2014/5xxx/CVE-2014-5223.json index 8fd83f581b2..4cb5459ea74 100644 --- a/2014/5xxx/CVE-2014-5223.json +++ b/2014/5xxx/CVE-2014-5223.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5223", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-5223", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5435.json b/2014/5xxx/CVE-2014-5435.json index 7c6c6364304..9fe64c93f2c 100644 --- a/2014/5xxx/CVE-2014-5435.json +++ b/2014/5xxx/CVE-2014-5435.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5435", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5435", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2120.json b/2015/2xxx/CVE-2015-2120.json index 5998368ac2b..55d10c0756f 100644 --- a/2015/2xxx/CVE-2015-2120.json +++ b/2015/2xxx/CVE-2015-2120.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2120", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP SiteScope 11.1x before 11.13, 11.2x before 11.24.391, and 11.3x before 11.30.521 allows remote authenticated users to gain privileges via unknown vectors, aka ZDI-CAN-2567." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2015-2120", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-239", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-239" - }, - { - "name" : "HPSBGN03325", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04688784" - }, - { - "name" : "SSRT101902", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04688784" - }, - { - "name" : "74801", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74801" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP SiteScope 11.1x before 11.13, 11.2x before 11.24.391, and 11.3x before 11.30.521 allows remote authenticated users to gain privileges via unknown vectors, aka ZDI-CAN-2567." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "74801", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74801" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-239", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-239" + }, + { + "name": "SSRT101902", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04688784" + }, + { + "name": "HPSBGN03325", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04688784" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2163.json b/2015/2xxx/CVE-2015-2163.json index 3afb855a991..7a982a9ff48 100644 --- a/2015/2xxx/CVE-2015-2163.json +++ b/2015/2xxx/CVE-2015-2163.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2163", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2163", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2776.json b/2015/2xxx/CVE-2015-2776.json index e117a97c7b5..8da09fb98c1 100644 --- a/2015/2xxx/CVE-2015-2776.json +++ b/2015/2xxx/CVE-2015-2776.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2776", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The parse_SST function in FreeXL before 1.0.0i allows remote attackers to cause a denial of service (memory consumption) via a crafted shared strings table in a workbook." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2776", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150324 CVE Request: Multiple vulnerabilities in freexl 1.0.0g", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/03/25/1" - }, - { - "name" : "[oss-security] 20150327 Re: CVE Request: Multiple vulnerabilities in freexl 1.0.0g", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/03/27/5" - }, - { - "name" : "[oss-security] 20150327 Re: CVE Request: Multiple vulnerabilities in freexl 1.0.0g", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/03/27/13" - }, - { - "name" : "https://www.gaia-gis.it/fossil/freexl/fdiff?v1=2e167b337481dda3&v2=61618ce51a9b0c15&sbs=1", - "refsource" : "CONFIRM", - "url" : "https://www.gaia-gis.it/fossil/freexl/fdiff?v1=2e167b337481dda3&v2=61618ce51a9b0c15&sbs=1" - }, - { - "name" : "DSA-3208", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3208" - }, - { - "name" : "GLSA-201606-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201606-15" - }, - { - "name" : "73330", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73330" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The parse_SST function in FreeXL before 1.0.0i allows remote attackers to cause a denial of service (memory consumption) via a crafted shared strings table in a workbook." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201606-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201606-15" + }, + { + "name": "DSA-3208", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3208" + }, + { + "name": "[oss-security] 20150327 Re: CVE Request: Multiple vulnerabilities in freexl 1.0.0g", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/03/27/5" + }, + { + "name": "https://www.gaia-gis.it/fossil/freexl/fdiff?v1=2e167b337481dda3&v2=61618ce51a9b0c15&sbs=1", + "refsource": "CONFIRM", + "url": "https://www.gaia-gis.it/fossil/freexl/fdiff?v1=2e167b337481dda3&v2=61618ce51a9b0c15&sbs=1" + }, + { + "name": "[oss-security] 20150327 Re: CVE Request: Multiple vulnerabilities in freexl 1.0.0g", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/03/27/13" + }, + { + "name": "[oss-security] 20150324 CVE Request: Multiple vulnerabilities in freexl 1.0.0g", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/03/25/1" + }, + { + "name": "73330", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73330" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6209.json b/2015/6xxx/CVE-2015-6209.json index 2d273526ec5..5894306cbe9 100644 --- a/2015/6xxx/CVE-2015-6209.json +++ b/2015/6xxx/CVE-2015-6209.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6209", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-6209", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6299.json b/2015/6xxx/CVE-2015-6299.json index c23d9089a77..859037cbce9 100644 --- a/2015/6xxx/CVE-2015-6299.json +++ b/2015/6xxx/CVE-2015-6299.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6299", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the web interface in Cisco Unity Connection 9.1(1.2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted POST request, aka Bug ID CSCuv63824." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-6299", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150918 Cisco Unity Connection Web Interface SQL Injection Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=41074" - }, - { - "name" : "1033622", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033622" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the web interface in Cisco Unity Connection 9.1(1.2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted POST request, aka Bug ID CSCuv63824." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150918 Cisco Unity Connection Web Interface SQL Injection Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=41074" + }, + { + "name": "1033622", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033622" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6425.json b/2015/6xxx/CVE-2015-6425.json index 9c55d02582b..67695580bbc 100644 --- a/2015/6xxx/CVE-2015-6425.json +++ b/2015/6xxx/CVE-2015-6425.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6425", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The WebApplications Identity Management subsystem in Cisco Unified Communications Manager 10.5(0.98000.88) allows remote attackers to cause a denial of service (subsystem outage) via invalid session tokens, aka Bug ID CSCul83786." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-6425", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20151215 Cisco Unified Communications Manager Web Applications Identity Management Subsystem Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151215-ucmim" - }, - { - "name" : "79275", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/79275" - }, - { - "name" : "1034431", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034431" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WebApplications Identity Management subsystem in Cisco Unified Communications Manager 10.5(0.98000.88) allows remote attackers to cause a denial of service (subsystem outage) via invalid session tokens, aka Bug ID CSCul83786." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20151215 Cisco Unified Communications Manager Web Applications Identity Management Subsystem Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151215-ucmim" + }, + { + "name": "79275", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/79275" + }, + { + "name": "1034431", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034431" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6434.json b/2015/6xxx/CVE-2015-6434.json index 827fc0f2550..9e41378161e 100644 --- a/2015/6xxx/CVE-2015-6434.json +++ b/2015/6xxx/CVE-2015-6434.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6434", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Prime Infrastructure does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a \"cross-frame scripting (XFS)\" issue, aka Bug ID CSCux64856." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-6434", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160105 Cisco Prime Infrastructure Frame Injection Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160105-pi" - }, - { - "name" : "1034582", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034582" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Prime Infrastructure does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a \"cross-frame scripting (XFS)\" issue, aka Bug ID CSCux64856." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20160105 Cisco Prime Infrastructure Frame Injection Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160105-pi" + }, + { + "name": "1034582", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034582" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6904.json b/2015/6xxx/CVE-2015-6904.json index edc1f69b805..0645a5f20fa 100644 --- a/2015/6xxx/CVE-2015-6904.json +++ b/2015/6xxx/CVE-2015-6904.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6904", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-6904", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7974.json b/2015/7xxx/CVE-2015-7974.json index 5c950d65253..8fe60fc8963 100644 --- a/2015/7xxx/CVE-2015-7974.json +++ b/2015/7xxx/CVE-2015-7974.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7974", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a \"skeleton key.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-7974", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.talosintel.com/reports/TALOS-2016-0071/", - "refsource" : "MISC", - "url" : "http://www.talosintel.com/reports/TALOS-2016-0071/" - }, - { - "name" : "http://bugs.ntp.org/show_bug.cgi?id=2936", - "refsource" : "CONFIRM", - "url" : "http://bugs.ntp.org/show_bug.cgi?id=2936" - }, - { - "name" : "http://support.ntp.org/bin/view/Main/NtpBug2936", - "refsource" : "CONFIRM", - "url" : "http://support.ntp.org/bin/view/Main/NtpBug2936" - }, - { - "name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03750en_us", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03750en_us" - }, - { - "name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03766en_us", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03766en_us" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20171031-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20171031-0001/" - }, - { - "name" : "DSA-3629", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3629" - }, - { - "name" : "FreeBSD-SA-16:09", - "refsource" : "FREEBSD", - "url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc" - }, - { - "name" : "GLSA-201607-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201607-15" - }, - { - "name" : "RHSA-2016:2583", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2583.html" - }, - { - "name" : "81960", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/81960" - }, - { - "name" : "1034782", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034782" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a \"skeleton key.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.talosintel.com/reports/TALOS-2016-0071/", + "refsource": "MISC", + "url": "http://www.talosintel.com/reports/TALOS-2016-0071/" + }, + { + "name": "DSA-3629", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3629" + }, + { + "name": "81960", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/81960" + }, + { + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03766en_us", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03766en_us" + }, + { + "name": "http://support.ntp.org/bin/view/Main/NtpBug2936", + "refsource": "CONFIRM", + "url": "http://support.ntp.org/bin/view/Main/NtpBug2936" + }, + { + "name": "1034782", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034782" + }, + { + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03750en_us", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03750en_us" + }, + { + "name": "RHSA-2016:2583", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20171031-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20171031-0001/" + }, + { + "name": "http://bugs.ntp.org/show_bug.cgi?id=2936", + "refsource": "CONFIRM", + "url": "http://bugs.ntp.org/show_bug.cgi?id=2936" + }, + { + "name": "FreeBSD-SA-16:09", + "refsource": "FREEBSD", + "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc" + }, + { + "name": "GLSA-201607-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201607-15" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0095.json b/2016/0xxx/CVE-2016-0095.json index 6811778656b..daaa93d1e82 100644 --- a/2016/0xxx/CVE-2016-0095.json +++ b/2016/0xxx/CVE-2016-0095.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0095", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka \"Win32k Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2016-0093, CVE-2016-0094, and CVE-2016-0096." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-0095", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-196", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-196" - }, - { - "name" : "MS16-034", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-034" - }, - { - "name" : "84072", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/84072" - }, - { - "name" : "1035212", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035212" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka \"Win32k Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2016-0093, CVE-2016-0094, and CVE-2016-0096." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "84072", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/84072" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-196", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-196" + }, + { + "name": "MS16-034", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-034" + }, + { + "name": "1035212", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035212" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0106.json b/2016/0xxx/CVE-2016-0106.json index 568f47c4ab6..397f3184837 100644 --- a/2016/0xxx/CVE-2016-0106.json +++ b/2016/0xxx/CVE-2016-0106.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0106", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-0102, CVE-2016-0103, CVE-2016-0108, CVE-2016-0109, and CVE-2016-0114." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-0106", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-179", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-179" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-180", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-180" - }, - { - "name" : "MS16-023", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-023" - }, - { - "name" : "84014", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/84014" - }, - { - "name" : "1035203", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035203" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-0102, CVE-2016-0103, CVE-2016-0108, CVE-2016-0109, and CVE-2016-0114." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1035203", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035203" + }, + { + "name": "MS16-023", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-023" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-180", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-180" + }, + { + "name": "84014", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/84014" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-179", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-179" + } + ] + } +} \ No newline at end of file diff --git a/2016/1000xxx/CVE-2016-1000146.json b/2016/1000xxx/CVE-2016-1000146.json index 53078be851a..9bf56b83878 100644 --- a/2016/1000xxx/CVE-2016-1000146.json +++ b/2016/1000xxx/CVE-2016-1000146.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1000146", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Reflected XSS in wordpress plugin pondol-formmail v1.1" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-1000146", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.vapidlabs.com/wp/wp_advisory.php?v=787", - "refsource" : "MISC", - "url" : "http://www.vapidlabs.com/wp/wp_advisory.php?v=787" - }, - { - "name" : "https://wordpress.org/plugins/pondol-formmail", - "refsource" : "MISC", - "url" : "https://wordpress.org/plugins/pondol-formmail" - }, - { - "name" : "93584", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93584" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Reflected XSS in wordpress plugin pondol-formmail v1.1" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wordpress.org/plugins/pondol-formmail", + "refsource": "MISC", + "url": "https://wordpress.org/plugins/pondol-formmail" + }, + { + "name": "http://www.vapidlabs.com/wp/wp_advisory.php?v=787", + "refsource": "MISC", + "url": "http://www.vapidlabs.com/wp/wp_advisory.php?v=787" + }, + { + "name": "93584", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93584" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10028.json b/2016/10xxx/CVE-2016-10028.json index c8c3bd686da..d93d5487713 100644 --- a/2016/10xxx/CVE-2016-10028.json +++ b/2016/10xxx/CVE-2016-10028.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10028", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service (out-of-bounds read and process crash) via a VIRTIO_GPU_CMD_GET_CAPSET command with a maximum capabilities size with a value of 0." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-10028", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161220 CVE request Qemu: display: virtio-gpu-3d: OOB access while reading virgl capabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/12/20/1" - }, - { - "name" : "[oss-security] 20161222 Re: CVE request Qemu: display: virtio-gpu-3d: OOB access while reading virgl capabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/12/22/14" - }, - { - "name" : "[qemu-devel] 20161214 [PATCH] display: virtio-gpu-3d: check virgl capabilities max_size", - "refsource" : "MLIST", - "url" : "https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg01903.html" - }, - { - "name" : "http://git.qemu-project.org/?p=qemu.git;a=commit;h=abd7f08b2353f43274b785db8c7224f082ef4d31", - "refsource" : "CONFIRM", - "url" : "http://git.qemu-project.org/?p=qemu.git;a=commit;h=abd7f08b2353f43274b785db8c7224f082ef4d31" - }, - { - "name" : "GLSA-201701-49", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-49" - }, - { - "name" : "94981", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94981" - }, - { - "name" : "1037525", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037525" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service (out-of-bounds read and process crash) via a VIRTIO_GPU_CMD_GET_CAPSET command with a maximum capabilities size with a value of 0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.qemu-project.org/?p=qemu.git;a=commit;h=abd7f08b2353f43274b785db8c7224f082ef4d31", + "refsource": "CONFIRM", + "url": "http://git.qemu-project.org/?p=qemu.git;a=commit;h=abd7f08b2353f43274b785db8c7224f082ef4d31" + }, + { + "name": "1037525", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037525" + }, + { + "name": "94981", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94981" + }, + { + "name": "GLSA-201701-49", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-49" + }, + { + "name": "[qemu-devel] 20161214 [PATCH] display: virtio-gpu-3d: check virgl capabilities max_size", + "refsource": "MLIST", + "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg01903.html" + }, + { + "name": "[oss-security] 20161220 CVE request Qemu: display: virtio-gpu-3d: OOB access while reading virgl capabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/12/20/1" + }, + { + "name": "[oss-security] 20161222 Re: CVE request Qemu: display: virtio-gpu-3d: OOB access while reading virgl capabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/12/22/14" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10466.json b/2016/10xxx/CVE-2016-10466.json index 228bab77c8f..a63e3675e22 100644 --- a/2016/10xxx/CVE-2016-10466.json +++ b/2016/10xxx/CVE-2016-10466.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2016-10466", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, SDX20" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, during SSL handshake, if RNG function (crypto API) returns error, SSL uses hard-coded random value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use of insufficiently random values in Modem" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2016-10466", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, SDX20" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, during SSL handshake, if RNG function (crypto API) returns error, SSL uses hard-coded random value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use of insufficiently random values in Modem" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4218.json b/2016/4xxx/CVE-2016-4218.json index d70350551ba..d1fb8631647 100644 --- a/2016/4xxx/CVE-2016-4218.json +++ b/2016/4xxx/CVE-2016-4218.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4218", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-4218", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-25.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-25.html" - }, - { - "name" : "GLSA-201607-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201607-03" - }, - { - "name" : "RHSA-2016:1423", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1423" - }, - { - "name" : "SUSE-SU-2016:1826", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00017.html" - }, - { - "name" : "openSUSE-SU-2016:1802", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00016.html" - }, - { - "name" : "91725", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91725" - }, - { - "name" : "1036280", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036280" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2016:1826", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00017.html" + }, + { + "name": "GLSA-201607-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201607-03" + }, + { + "name": "openSUSE-SU-2016:1802", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00016.html" + }, + { + "name": "91725", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91725" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-25.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-25.html" + }, + { + "name": "RHSA-2016:1423", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1423" + }, + { + "name": "1036280", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036280" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4419.json b/2016/4xxx/CVE-2016-4419.json index 561e51cc00c..b91bd1d1cdf 100644 --- a/2016/4xxx/CVE-2016-4419.json +++ b/2016/4xxx/CVE-2016-4419.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4419", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "epan/dissectors/packet-spice.c in the SPICE dissector in Wireshark 2.x before 2.0.2 mishandles capability data, which allows remote attackers to cause a denial of service (large loop) via a crafted packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-4419", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12151", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12151" - }, - { - "name" : "https://www.wireshark.org/security/wnpa-sec-2016-16.html", - "refsource" : "CONFIRM", - "url" : "https://www.wireshark.org/security/wnpa-sec-2016-16.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "epan/dissectors/packet-spice.c in the SPICE dissector in Wireshark 2.x before 2.0.2 mishandles capability data, which allows remote attackers to cause a denial of service (large loop) via a crafted packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12151", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12151" + }, + { + "name": "https://www.wireshark.org/security/wnpa-sec-2016-16.html", + "refsource": "CONFIRM", + "url": "https://www.wireshark.org/security/wnpa-sec-2016-16.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4506.json b/2016/4xxx/CVE-2016-4506.json index fa571f99e46..b99d2950a70 100644 --- a/2016/4xxx/CVE-2016-4506.json +++ b/2016/4xxx/CVE-2016-4506.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4506", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability on Resource Data Management (RDM) Intuitive 650 TDB Controller devices before 2.1.24 allows remote authenticated users to hijack the authentication of arbitrary users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2016-4506", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-140-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-140-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability on Resource Data Management (RDM) Intuitive 650 TDB Controller devices before 2.1.24 allows remote authenticated users to hijack the authentication of arbitrary users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-140-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-140-01" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4898.json b/2016/4xxx/CVE-2016-4898.json index ac34f02bb2a..d5a69941e01 100644 --- a/2016/4xxx/CVE-2016-4898.json +++ b/2016/4xxx/CVE-2016-4898.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4898", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The datamover module in the Linux version of NovaBACKUP DataCenter before 09.06.03.0353 is vulnerable to remote command execution via unspecified attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2016-4898", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2016/haavoittuvuus-2016-134.html", - "refsource" : "CONFIRM", - "url" : "https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2016/haavoittuvuus-2016-134.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The datamover module in the Linux version of NovaBACKUP DataCenter before 09.06.03.0353 is vulnerable to remote command execution via unspecified attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2016/haavoittuvuus-2016-134.html", + "refsource": "CONFIRM", + "url": "https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2016/haavoittuvuus-2016-134.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9219.json b/2016/9xxx/CVE-2016-9219.json index 9a2d9010eab..2d90e3a094a 100644 --- a/2016/9xxx/CVE-2016-9219.json +++ b/2016/9xxx/CVE-2016-9219.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2016-9219", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Wireless LAN Controller", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Wireless LAN Controller" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability with IPv6 UDP ingress packet processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause an unexpected reload of the device. The vulnerability is due to incomplete IPv6 UDP header validation. An attacker could exploit this vulnerability by sending a crafted IPv6 UDP packet to a specific port on the targeted device. An exploit could allow the attacker to impact the availability of the device as it could unexpectedly reload. This vulnerability affects Cisco Wireless LAN Controller (WLC) running software version 8.2.121.0 or 8.3.102.0. Cisco Bug IDs: CSCva98592." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-9219", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Wireless LAN Controller", + "version": { + "version_data": [ + { + "version_value": "Cisco Wireless LAN Controller" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc2", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc2" - }, - { - "name" : "97423", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97423" - }, - { - "name" : "1038183", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038183" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability with IPv6 UDP ingress packet processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause an unexpected reload of the device. The vulnerability is due to incomplete IPv6 UDP header validation. An attacker could exploit this vulnerability by sending a crafted IPv6 UDP packet to a specific port on the targeted device. An exploit could allow the attacker to impact the availability of the device as it could unexpectedly reload. This vulnerability affects Cisco Wireless LAN Controller (WLC) running software version 8.2.121.0 or 8.3.102.0. Cisco Bug IDs: CSCva98592." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc2", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc2" + }, + { + "name": "97423", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97423" + }, + { + "name": "1038183", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038183" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9427.json b/2016/9xxx/CVE-2016-9427.json index d1349ca2959..15de23eda9a 100644 --- a/2016/9xxx/CVE-2016-9427.json +++ b/2016/9xxx/CVE-2016-9427.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9427", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause client of bdwgc denial of service (heap buffer overflow crash) and possibly execute arbitrary code via huge allocation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9427", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161118 Re: CVE request: w3m - multiple vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/11/18/3" - }, - { - "name" : "https://github.com/ivmai/bdwgc/issues/135", - "refsource" : "CONFIRM", - "url" : "https://github.com/ivmai/bdwgc/issues/135" - }, - { - "name" : "openSUSE-SU-2016:3126", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-12/msg00089.html" - }, - { - "name" : "openSUSE-SU-2016:3177", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-12/msg00115.html" - }, - { - "name" : "94407", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94407" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause client of bdwgc denial of service (heap buffer overflow crash) and possibly execute arbitrary code via huge allocation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2016:3126", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00089.html" + }, + { + "name": "https://github.com/ivmai/bdwgc/issues/135", + "refsource": "CONFIRM", + "url": "https://github.com/ivmai/bdwgc/issues/135" + }, + { + "name": "94407", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94407" + }, + { + "name": "openSUSE-SU-2016:3177", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00115.html" + }, + { + "name": "[oss-security] 20161118 Re: CVE request: w3m - multiple vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/11/18/3" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9890.json b/2016/9xxx/CVE-2016-9890.json index 0fc34cdb353..cf07313a26d 100644 --- a/2016/9xxx/CVE-2016-9890.json +++ b/2016/9xxx/CVE-2016-9890.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9890", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9890", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2342.json b/2019/2xxx/CVE-2019-2342.json index db3a161d41b..2c4d860b57d 100644 --- a/2019/2xxx/CVE-2019-2342.json +++ b/2019/2xxx/CVE-2019-2342.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2342", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2342", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2459.json b/2019/2xxx/CVE-2019-2459.json index 0571ac7f50a..f1769b535b7 100644 --- a/2019/2xxx/CVE-2019-2459.json +++ b/2019/2xxx/CVE-2019-2459.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2019-2459", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Outside In Technology", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.5.3" - }, - { - "version_affected" : "=", - "version_value" : "8.5.4" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2019-2459", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Outside In Technology", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.5.3" + }, + { + "version_affected": "=", + "version_value": "8.5.4" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "106579", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106579" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106579", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106579" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2628.json b/2019/2xxx/CVE-2019-2628.json index f1770cb2b74..ea2549c5094 100644 --- a/2019/2xxx/CVE-2019-2628.json +++ b/2019/2xxx/CVE-2019-2628.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2628", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2628", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2997.json b/2019/2xxx/CVE-2019-2997.json index 52dad02583b..b793c0e45ac 100644 --- a/2019/2xxx/CVE-2019-2997.json +++ b/2019/2xxx/CVE-2019-2997.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2997", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2997", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3487.json b/2019/3xxx/CVE-2019-3487.json index 7f6d536f2b9..17fff2b7368 100644 --- a/2019/3xxx/CVE-2019-3487.json +++ b/2019/3xxx/CVE-2019-3487.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3487", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3487", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3549.json b/2019/3xxx/CVE-2019-3549.json index 8b8fe2ff21a..027490b225a 100644 --- a/2019/3xxx/CVE-2019-3549.json +++ b/2019/3xxx/CVE-2019-3549.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3549", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3549", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3566.json b/2019/3xxx/CVE-2019-3566.json index e8c1b11996f..afb2e8562b8 100644 --- a/2019/3xxx/CVE-2019-3566.json +++ b/2019/3xxx/CVE-2019-3566.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3566", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3566", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3693.json b/2019/3xxx/CVE-2019-3693.json index bc202231102..01aab032cfb 100644 --- a/2019/3xxx/CVE-2019-3693.json +++ b/2019/3xxx/CVE-2019-3693.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3693", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3693", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6381.json b/2019/6xxx/CVE-2019-6381.json index 682914b5b0b..27173176fed 100644 --- a/2019/6xxx/CVE-2019-6381.json +++ b/2019/6xxx/CVE-2019-6381.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6381", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6381", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6470.json b/2019/6xxx/CVE-2019-6470.json index f5ea62442ee..8b4b321bbfc 100644 --- a/2019/6xxx/CVE-2019-6470.json +++ b/2019/6xxx/CVE-2019-6470.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6470", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6470", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6516.json b/2019/6xxx/CVE-2019-6516.json index 8b3d04d9bed..2360573235e 100644 --- a/2019/6xxx/CVE-2019-6516.json +++ b/2019/6xxx/CVE-2019-6516.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6516", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6516", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6967.json b/2019/6xxx/CVE-2019-6967.json index a3245609349..ba0d7cc5325 100644 --- a/2019/6xxx/CVE-2019-6967.json +++ b/2019/6xxx/CVE-2019-6967.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6967", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6967", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7058.json b/2019/7xxx/CVE-2019-7058.json index c7556290a3e..9430870ee02 100644 --- a/2019/7xxx/CVE-2019-7058.json +++ b/2019/7xxx/CVE-2019-7058.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7058", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7058", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7300.json b/2019/7xxx/CVE-2019-7300.json index c4cfbefa5f3..da00c2e7f1a 100644 --- a/2019/7xxx/CVE-2019-7300.json +++ b/2019/7xxx/CVE-2019-7300.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7300", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Artica Proxy 3.06.200056 allows remote attackers to execute arbitrary commands as root by reading the ressources/settings.inc ldap_admin and ldap_password fields, using these credentials at logon.php, and then entering the commands in the admin.index.php command-line field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7300", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://code610.blogspot.com/2019/01/rce-in-artica.html", - "refsource" : "MISC", - "url" : "https://code610.blogspot.com/2019/01/rce-in-artica.html" - }, - { - "name" : "https://github.com/c610/tmp/blob/master/aRtiCE.py", - "refsource" : "MISC", - "url" : "https://github.com/c610/tmp/blob/master/aRtiCE.py" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Artica Proxy 3.06.200056 allows remote attackers to execute arbitrary commands as root by reading the ressources/settings.inc ldap_admin and ldap_password fields, using these credentials at logon.php, and then entering the commands in the admin.index.php command-line field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code610.blogspot.com/2019/01/rce-in-artica.html", + "refsource": "MISC", + "url": "https://code610.blogspot.com/2019/01/rce-in-artica.html" + }, + { + "name": "https://github.com/c610/tmp/blob/master/aRtiCE.py", + "refsource": "MISC", + "url": "https://github.com/c610/tmp/blob/master/aRtiCE.py" + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7317.json b/2019/7xxx/CVE-2019-7317.json index 792161cee65..03085eb5331 100644 --- a/2019/7xxx/CVE-2019-7317.json +++ b/2019/7xxx/CVE-2019-7317.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7317", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "png_image_free in png.c in libpng 1.6.36 has a use-after-free because png_image_free_function is called under png_safe_execute." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7317", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803", - "refsource" : "MISC", - "url" : "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803" - }, - { - "name" : "https://github.com/glennrp/libpng/issues/275", - "refsource" : "MISC", - "url" : "https://github.com/glennrp/libpng/issues/275" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "png_image_free in png.c in libpng 1.6.36 has a use-after-free because png_image_free_function is called under png_safe_execute." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803", + "refsource": "MISC", + "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803" + }, + { + "name": "https://github.com/glennrp/libpng/issues/275", + "refsource": "MISC", + "url": "https://github.com/glennrp/libpng/issues/275" + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7532.json b/2019/7xxx/CVE-2019-7532.json index 8fbddc6f163..f7dc2a05d48 100644 --- a/2019/7xxx/CVE-2019-7532.json +++ b/2019/7xxx/CVE-2019-7532.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7532", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7532", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8149.json b/2019/8xxx/CVE-2019-8149.json index 789a1e37460..ad512eb2b78 100644 --- a/2019/8xxx/CVE-2019-8149.json +++ b/2019/8xxx/CVE-2019-8149.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8149", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8149", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8307.json b/2019/8xxx/CVE-2019-8307.json index 9c209379006..10c77322ccc 100644 --- a/2019/8xxx/CVE-2019-8307.json +++ b/2019/8xxx/CVE-2019-8307.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8307", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8307", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8495.json b/2019/8xxx/CVE-2019-8495.json index a9363f9901b..641b0b2d0e2 100644 --- a/2019/8xxx/CVE-2019-8495.json +++ b/2019/8xxx/CVE-2019-8495.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8495", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8495", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8670.json b/2019/8xxx/CVE-2019-8670.json index 633ea410f62..5ac28d09f42 100644 --- a/2019/8xxx/CVE-2019-8670.json +++ b/2019/8xxx/CVE-2019-8670.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8670", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8670", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8679.json b/2019/8xxx/CVE-2019-8679.json index 0459d3d02d3..085b6fadd4b 100644 --- a/2019/8xxx/CVE-2019-8679.json +++ b/2019/8xxx/CVE-2019-8679.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8679", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8679", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9235.json b/2019/9xxx/CVE-2019-9235.json index bea2795029d..ed1e660a3f2 100644 --- a/2019/9xxx/CVE-2019-9235.json +++ b/2019/9xxx/CVE-2019-9235.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9235", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9235", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file