diff --git a/2007/2xxx/CVE-2007-2077.json b/2007/2xxx/CVE-2007-2077.json index 6e831af6e70..59dd2de42e3 100644 --- a/2007/2xxx/CVE-2007-2077.json +++ b/2007/2xxx/CVE-2007-2077.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2077", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in search.php in Maian Search 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was disputed by a third party researcher, but confirmed by the vendor, stating \"this issue was fixed last year and [no] is longer a problem.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2077", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070414 Maian Search v1.1", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/465731/100/0/threaded" - }, - { - "name" : "20070414 Re: Maian Search v1.1", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/465857/100/0/threaded" - }, - { - "name" : "20070415 Re: phpMyChat-0.14.5", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2007-04/0244.html" - }, - { - "name" : "20070414 false: Maian Search v1.1", - "refsource" : "VIM", - "url" : "http://attrition.org/pipermail/vim/2007-April/001524.html" - }, - 
{ - "name" : "34150", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/34150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in search.php in Maian Search 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was disputed by a third party researcher, but confirmed by the vendor, stating \"this issue was fixed last year and [no] is longer a problem.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070414 Re: Maian Search v1.1", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/465857/100/0/threaded" + }, + { + "name": "20070415 Re: phpMyChat-0.14.5", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2007-04/0244.html" + }, + { + "name": "20070414 false: Maian Search v1.1", + "refsource": "VIM", + "url": "http://attrition.org/pipermail/vim/2007-April/001524.html" + }, + { + "name": "34150", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/34150" + }, + { + "name": "20070414 Maian Search v1.1", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/465731/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2638.json b/2007/2xxx/CVE-2007-2638.json index 111d2ad1271..eb499aa9ca4 100644 --- a/2007/2xxx/CVE-2007-2638.json +++ b/2007/2xxx/CVE-2007-2638.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2638", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "eFileCabinet 3.3 allows remote attackers to bypass authentication and access restricted portions of the interface via an invalid filecabinetnumber, which can be leveraged to obtain sensitive information or create new data structures." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2638", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070511 eFileCabinet Authentication Bypass", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/468314/100/0/threaded" - }, - { - "name" : "23944", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23944" - }, - { - "name" : "34774", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34774" - }, - { - "name" : "2696", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2696" - }, - { - "name" : "efilecabinet-cabinetnumber-security-bypass(34251)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34251" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "eFileCabinet 3.3 allows remote attackers to bypass authentication and access restricted portions of the interface via an invalid filecabinetnumber, which can be leveraged to obtain sensitive information or create new data structures." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2696", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2696" + }, + { + "name": "23944", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23944" + }, + { + "name": "34774", + "refsource": "OSVDB", + "url": "http://osvdb.org/34774" + }, + { + "name": "efilecabinet-cabinetnumber-security-bypass(34251)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34251" + }, + { + "name": "20070511 eFileCabinet Authentication Bypass", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/468314/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2664.json b/2007/2xxx/CVE-2007-2664.json index df5aab95fc3..2a52d0b7999 100644 --- a/2007/2xxx/CVE-2007-2664.json +++ b/2007/2xxx/CVE-2007-2664.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2664", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in includes/common.php in Yaap 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter, possibly related to the __autoload function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2664", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3908", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3908" - }, - { - "name" : "ADV-2007-1797", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1797" - }, - { - "name" : "36060", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36060" - }, - { - "name" : "25254", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25254" - }, - { - "name" : "yaap-common-file-include(34264)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34264" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "PHP remote file inclusion vulnerability in includes/common.php in Yaap 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter, possibly related to the __autoload function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36060", + "refsource": "OSVDB", + "url": "http://osvdb.org/36060" + }, + { + "name": "3908", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3908" + }, + { + "name": "ADV-2007-1797", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1797" + }, + { + "name": "25254", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25254" + }, + { + "name": "yaap-common-file-include(34264)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34264" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2705.json b/2007/2xxx/CVE-2007-2705.json index 70f99e622f7..8f0af706dfa 100644 --- a/2007/2xxx/CVE-2007-2705.json +++ b/2007/2xxx/CVE-2007-2705.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2705", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the Test View Console in BEA WebLogic Integration 9.2 before SP1 and WebLogic Workshop 8.1 SP2 through SP6, when \"deployed in an exploded format,\" allows remote attackers to list a WebLogic Workshop Directory (wlwdir) parent directory via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2705", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "BEA07-170.00", - "refsource" : "BEA", - "url" : "http://dev2dev.bea.com/pub/advisory/239" - }, - { - "name" : "36063", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36063" - }, - { - "name" : "ADV-2007-1815", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1815" - }, - { - "name" : "1018059", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018059" - }, - { - "name" : "weblogic-testview-directory-traversal(34281)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34281" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the Test View Console in BEA WebLogic Integration 9.2 before SP1 and WebLogic Workshop 8.1 SP2 through SP6, when \"deployed in an exploded format,\" allows remote attackers to list a WebLogic Workshop Directory (wlwdir) parent directory via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1018059", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018059" + }, + { + "name": "36063", + "refsource": "OSVDB", + "url": "http://osvdb.org/36063" + }, + { + "name": "ADV-2007-1815", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1815" + }, + { + "name": "BEA07-170.00", + "refsource": "BEA", + "url": "http://dev2dev.bea.com/pub/advisory/239" + }, + { + "name": "weblogic-testview-directory-traversal(34281)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34281" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2929.json b/2007/2xxx/CVE-2007-2929.json index d8b46ff5c1b..a516edf974b 100644 --- a/2007/2xxx/CVE-2007-2929.json +++ b/2007/2xxx/CVE-2007-2929.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2929", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), exposes unsafe methods to arbitrary web domains, which allows remote attackers to download arbitrary code onto a client system and execute this code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2007-2929", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-67649", - "refsource" : "CONFIRM", - "url" : "http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-67649" - }, - { - "name" : "MS07-045", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045" - }, - { - "name" : "VU#426737", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/426737" - }, - { - "name" : "25311", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25311" - 
}, - { - "name" : "ADV-2007-2882", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2882" - }, - { - "name" : "26482", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26482" - }, - { - "name" : "ibm-lenovo-acprunner-domain-code-execution(36035)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36035" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), exposes unsafe methods to arbitrary web domains, which allows remote attackers to download arbitrary code onto a client system and execute this code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-2882", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2882" + }, + { + "name": "http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-67649", + "refsource": "CONFIRM", + "url": "http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-67649" + }, + { + "name": "MS07-045", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045" + }, + { + "name": "ibm-lenovo-acprunner-domain-code-execution(36035)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36035" + }, + { + "name": "VU#426737", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/426737" + }, + { + "name": "26482", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26482" + }, + { + "name": "25311", + 
"refsource": "BID", + "url": "http://www.securityfocus.com/bid/25311" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2951.json b/2007/2xxx/CVE-2007-2951.json index 5a787634ccf..9d07e0665f1 100644 --- a/2007/2xxx/CVE-2007-2951.json +++ b/2007/2xxx/CVE-2007-2951.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2951", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The parseIrcUrl function in src/kvirc/kernel/kvi_ircurl.cpp in KVIrc 3.2.0 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an (1) irc:// or (2) irc6:// URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2007-2951", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070628 Secunia Research: KVIrc irc:// URI Handler Command ExecutionVulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/472441/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2007-56/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2007-56/advisory/" - }, - { - "name" : "https://svn.kvirc.de/kvirc/changeset/630/#file3", - "refsource" : "CONFIRM", - "url" : "https://svn.kvirc.de/kvirc/changeset/630/#file3" - }, - { - "name" : "GLSA-200709-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200709-02.xml" - }, - { - "name" : "SUSE-SR:2007:015", - "refsource" : "SUSE", - 
"url" : "http://www.novell.com/linux/security/advisories/2007_15_sr.html" - }, - { - "name" : "24652", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24652" - }, - { - "name" : "37604", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37604" - }, - { - "name" : "ADV-2007-2334", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2334" - }, - { - "name" : "25740", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25740" - }, - { - "name" : "26813", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26813" - }, - { - "name" : "kvirc-parseircurl-command-execution(35087)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35087" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The parseIrcUrl function in src/kvirc/kernel/kvi_ircurl.cpp in KVIrc 3.2.0 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an (1) irc:// or (2) irc6:// URI." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://svn.kvirc.de/kvirc/changeset/630/#file3", + "refsource": "CONFIRM", + "url": "https://svn.kvirc.de/kvirc/changeset/630/#file3" + }, + { + "name": "20070628 Secunia Research: KVIrc irc:// URI Handler Command ExecutionVulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/472441/100/0/threaded" + }, + { + "name": "GLSA-200709-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200709-02.xml" + }, + { + "name": "kvirc-parseircurl-command-execution(35087)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35087" + }, + { + "name": "26813", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26813" + }, + { + "name": "ADV-2007-2334", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2334" + }, + { + "name": "37604", + "refsource": "OSVDB", + "url": "http://osvdb.org/37604" + }, + { + "name": "24652", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24652" + }, + { + "name": "SUSE-SR:2007:015", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html" + }, + { + "name": "http://secunia.com/secunia_research/2007-56/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2007-56/advisory/" + }, + { + "name": "25740", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25740" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3230.json b/2007/3xxx/CVE-2007-3230.json index 8e592fa285c..ff4b866bf09 100644 --- a/2007/3xxx/CVE-2007-3230.json +++ b/2007/3xxx/CVE-2007-3230.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3230", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in phphtml.php in Idan Sofer PHP::HTML 0.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the htmlclass_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3230", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4072", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4072" - }, - { - "name" : "24477", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24477" - }, - { - "name" : "ADV-2007-2208", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2208" - }, - { - "name" : "36304", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36304" - }, - { - "name" : "25687", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25687" - }, - { - "name" : "phphtml-htmlclass-file-include(34871)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34871" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in phphtml.php in Idan Sofer PHP::HTML 0.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the htmlclass_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4072", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4072" + }, + { + "name": "phphtml-htmlclass-file-include(34871)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34871" + }, + { + "name": "25687", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25687" + }, + { + "name": "36304", + "refsource": "OSVDB", + "url": "http://osvdb.org/36304" + }, + { + "name": "ADV-2007-2208", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2208" + }, + { + "name": "24477", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24477" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3350.json b/2007/3xxx/CVE-2007-3350.json index c7c699ae255..5b58f70ceae 100644 --- a/2007/3xxx/CVE-2007-3350.json +++ b/2007/3xxx/CVE-2007-3350.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3350", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote attackers to cause a denial of service (application hang) via a flood of spoofed SIP INVITE requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3350", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.sipera.com/index.php?action=resources,threat_advisory&tid=293&", - "refsource" : "MISC", - "url" : "http://www.sipera.com/index.php?action=resources,threat_advisory&tid=293&" - }, - { - "name" : "24533", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24533" - }, - { - "name" : "38562", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38562" - }, - { - "name" : "aol-siprequest-dos(35068)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35068" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote 
attackers to cause a denial of service (application hang) via a flood of spoofed SIP INVITE requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.sipera.com/index.php?action=resources,threat_advisory&tid=293&", + "refsource": "MISC", + "url": "http://www.sipera.com/index.php?action=resources,threat_advisory&tid=293&" + }, + { + "name": "38562", + "refsource": "OSVDB", + "url": "http://osvdb.org/38562" + }, + { + "name": "24533", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24533" + }, + { + "name": "aol-siprequest-dos(35068)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35068" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3451.json b/2007/3xxx/CVE-2007-3451.json index 676818d5248..ff0e9e642d3 100644 --- a/2007/3xxx/CVE-2007-3451.json +++ b/2007/3xxx/CVE-2007-3451.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3451", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in admin/index.php in 6ALBlog allows remote authenticated administrators to execute arbitrary PHP code via a URL in the pg parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3451", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4104", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4104" - }, - { - "name" : "24632", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24632" - }, - { - "name" : "ADV-2007-2323", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2323" - }, - { - "name" : "37013", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37013" - }, - { - "name" : "25834", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25834" - }, - { - "name" : "6alblog-index-file-include(35157)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35157" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in admin/index.php in 6ALBlog allows remote authenticated administrators to execute arbitrary PHP code via a URL in the pg parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4104", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4104" + }, + { + "name": "37013", + "refsource": "OSVDB", + "url": "http://osvdb.org/37013" + }, + { + "name": "25834", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25834" + }, + { + "name": "ADV-2007-2323", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2323" + }, + { + "name": "24632", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24632" + }, + { + "name": "6alblog-index-file-include(35157)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35157" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3831.json b/2007/3xxx/CVE-2007-3831.json index 477d8a0237a..c6cd795206d 100644 --- a/2007/3xxx/CVE-2007-3831.json +++ b/2007/3xxx/CVE-2007-3831.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3831", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion in main.php in ISS Proventia Network IPS GX5108 1.3 and GX5008 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3831", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.sybsecurity.com/hack-proventia-1.pdf", - "refsource" : "MISC", - "url" : "http://www.sybsecurity.com/hack-proventia-1.pdf" - }, - { - "name" : "36474", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36474" - }, - { - "name" : "ADV-2007-2545", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2545" - }, - { - "name" : "25979", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25979" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion in main.php in ISS Proventia Network IPS GX5108 1.3 and GX5008 1.5 allows remote attackers to 
execute arbitrary PHP code via a URL in the page parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25979", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25979" + }, + { + "name": "ADV-2007-2545", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2545" + }, + { + "name": "36474", + "refsource": "OSVDB", + "url": "http://osvdb.org/36474" + }, + { + "name": "http://www.sybsecurity.com/hack-proventia-1.pdf", + "refsource": "MISC", + "url": "http://www.sybsecurity.com/hack-proventia-1.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3929.json b/2007/3xxx/CVE-2007-3929.json index efc81892bcb..deae096c184 100644 --- a/2007/3xxx/CVE-2007-3929.json +++ b/2007/3xxx/CVE-2007-3929.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3929", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the BitTorrent support in Opera before 9.22 allows user-assisted remote attackers to execute arbitrary code via a crafted header in a torrent file, which leaves a dangling pointer to an invalid object." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3929", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070719 Opera Software Opera Web Browser BitTorrent Dangling Pointer Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=564" - }, - { - "name" : "http://www.opera.com/support/search/view/862/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/support/search/view/862/" - }, - { - "name" : "GLSA-200708-17", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200708-17.xml" - }, - { - "name" : "SUSE-SR:2007:015", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_15_sr.html" - }, - { - "name" : "24970", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/24970" - }, - { - "name" : "ADV-2007-2584", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2584" - }, - { - "name" : "1018431", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018431" - }, - { - "name" : "26138", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26138" - }, - { - "name" : "26545", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26545" - }, - { - "name" : "opera-bittorrent-code-execution(35509)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35509" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the BitTorrent support in Opera before 9.22 allows user-assisted remote attackers to execute arbitrary code via a crafted header in a torrent file, which leaves a dangling pointer to an invalid object." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24970", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24970" + }, + { + "name": "http://www.opera.com/support/search/view/862/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/support/search/view/862/" + }, + { + "name": "opera-bittorrent-code-execution(35509)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35509" + }, + { + "name": "1018431", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018431" + }, + { + "name": "GLSA-200708-17", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200708-17.xml" + }, + { + "name": "26138", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26138" + }, + { + "name": "ADV-2007-2584", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2584" + }, + { + "name": "26545", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26545" + }, + { + "name": "20070719 Opera Software Opera Web Browser BitTorrent Dangling Pointer Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=564" + }, + { + "name": "SUSE-SR:2007:015", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4656.json b/2007/4xxx/CVE-2007-4656.json index 32f35a81a1a..bfea48a63c3 100644 --- a/2007/4xxx/CVE-2007-4656.json +++ b/2007/4xxx/CVE-2007-4656.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4656", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "backup-manager-upload in Backup Manager before 0.6.3 provides the FTP server hostname, username, and password as plaintext command line arguments during FTP uploads, which allows local users to obtain sensitive information by listing the process and its arguments, a different vulnerability than CVE-2007-2766." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4656", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=439392", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=439392" - }, - { - "name" : "http://bugzilla.backup-manager.org/cgi-bin/show_bug.cgi?id=173", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.backup-manager.org/cgi-bin/show_bug.cgi?id=173" - }, - { - "name" : "http://www2.backup-manager.org/Release063", - "refsource" : "CONFIRM", - "url" : "http://www2.backup-manager.org/Release063" - }, - { - "name" : "DSA-1518", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1518" - }, - { - 
"name" : "25503", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25503" - }, - { - "name" : "37444", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37444" - }, - { - "name" : "1018639", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018639" - }, - { - "name" : "26657", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26657" - }, - { - "name" : "29377", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29377" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "backup-manager-upload in Backup Manager before 0.6.3 provides the FTP server hostname, username, and password as plaintext command line arguments during FTP uploads, which allows local users to obtain sensitive information by listing the process and its arguments, a different vulnerability than CVE-2007-2766." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26657", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26657" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=439392", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=439392" + }, + { + "name": "25503", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25503" + }, + { + "name": "http://www2.backup-manager.org/Release063", + "refsource": "CONFIRM", + "url": "http://www2.backup-manager.org/Release063" + }, + { + "name": "29377", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29377" + }, + { + "name": "1018639", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018639" + }, + { + "name": "DSA-1518", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1518" + 
}, + { + "name": "http://bugzilla.backup-manager.org/cgi-bin/show_bug.cgi?id=173", + "refsource": "CONFIRM", + "url": "http://bugzilla.backup-manager.org/cgi-bin/show_bug.cgi?id=173" + }, + { + "name": "37444", + "refsource": "OSVDB", + "url": "http://osvdb.org/37444" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4735.json b/2007/4xxx/CVE-2007-4735.json index 6e4cbf2feea..5cebb8e3e79 100644 --- a/2007/4xxx/CVE-2007-4735.json +++ b/2007/4xxx/CVE-2007-4735.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4735", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Next Generation Software Virtual DJ (VDJ) 5.0 allows user-assisted remote attackers to execute arbitrary code via a long file path in an m3u file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4735", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4354", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4354" - }, - { - "name" : "25512", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25512" - }, - { - "name" : "25513", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25513" - }, - { - "name" : "ADV-2007-3036", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3036" - }, - { - "name" : "40307", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/40307" - }, - { - "name" : "26665", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26665" - }, - { - "name" : "virtualdj-m3u-bo(36430)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36430" - } - ] - 
} -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Next Generation Software Virtual DJ (VDJ) 5.0 allows user-assisted remote attackers to execute arbitrary code via a long file path in an m3u file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25513", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25513" + }, + { + "name": "25512", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25512" + }, + { + "name": "26665", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26665" + }, + { + "name": "4354", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4354" + }, + { + "name": "40307", + "refsource": "OSVDB", + "url": "http://osvdb.org/40307" + }, + { + "name": "virtualdj-m3u-bo(36430)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36430" + }, + { + "name": "ADV-2007-3036", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3036" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6181.json b/2007/6xxx/CVE-2007-6181.json index b7fbd9060e1..f6661d1bd18 100644 --- a/2007/6xxx/CVE-2007-6181.json +++ b/2007/6xxx/CVE-2007-6181.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6181", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in cygwin1.dll in Cygwin 1.5.7 and earlier allows context-dependent attackers to execute arbitrary code via a filename with a certain length, as demonstrated by a remote authenticated user who uses the SCP protocol to send a file to the Cygwin machine, and thereby causes scp.exe on this machine to execute, and then overwrite heap memory with characters from the filename. NOTE: it is also reported that a related issue might exist in 1.5.7 through 1.5.19." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6181", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071124 [ISecAuditors Security Advisories] Cygwin buffer overflow due incorrect filename length check", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/484153/100/0/threaded" - }, - { - "name" : "[cygwin-developers] 20071108 Re: cygwin1.dll up to 1.5.22 overflow", - "refsource" : "MLIST", - "url" : "http://cygwin.com/ml/cygwin-developers/2007-11/msg00005.html" - }, - { - "name" : "[cygwin-developers] 20071120 Re: cygwin1.dll up to 1.5.22 overflow", - "refsource" : "MLIST", - "url" : "http://cygwin.com/ml/cygwin-developers/2007-11/msg00024.html" - }, - { - "name" : "[cygwin-developers] 20071120 Re: cygwin1.dll up to 1.5.22 overflow", - "refsource" : "MLIST", - "url" : "http://cygwin.com/ml/cygwin-developers/2007-11/msg00026.html" - }, - { - "name" : "26557", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26557" - }, - { - "name" : "3406", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3406" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in cygwin1.dll in Cygwin 1.5.7 and earlier allows context-dependent attackers to execute arbitrary code via a filename with a certain length, as demonstrated by a remote authenticated user who uses the SCP protocol to send a file to the Cygwin machine, and thereby causes scp.exe on 
this machine to execute, and then overwrite heap memory with characters from the filename. NOTE: it is also reported that a related issue might exist in 1.5.7 through 1.5.19." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[cygwin-developers] 20071120 Re: cygwin1.dll up to 1.5.22 overflow", + "refsource": "MLIST", + "url": "http://cygwin.com/ml/cygwin-developers/2007-11/msg00026.html" + }, + { + "name": "20071124 [ISecAuditors Security Advisories] Cygwin buffer overflow due incorrect filename length check", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/484153/100/0/threaded" + }, + { + "name": "[cygwin-developers] 20071120 Re: cygwin1.dll up to 1.5.22 overflow", + "refsource": "MLIST", + "url": "http://cygwin.com/ml/cygwin-developers/2007-11/msg00024.html" + }, + { + "name": "3406", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3406" + }, + { + "name": "26557", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26557" + }, + { + "name": "[cygwin-developers] 20071108 Re: cygwin1.dll up to 1.5.22 overflow", + "refsource": "MLIST", + "url": "http://cygwin.com/ml/cygwin-developers/2007-11/msg00005.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1182.json b/2010/1xxx/CVE-2010-1182.json index d0456fd90a1..9776eeb8779 100644 --- a/2010/1xxx/CVE-2010-1182.json +++ b/2010/1xxx/CVE-2010-1182.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1182", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in the administrative console in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.9 on z/OS have unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1182", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "PK97376", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PK97376" - }, - { - "name" : "PM09161", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM09161" - }, - { - "name" : "ADV-2010-0609", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0609" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in the administrative console in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.9 on z/OS have unknown impact and attack vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-0609", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0609" + }, + { + "name": "PK97376", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK97376" + }, + { + "name": "PM09161", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM09161" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1314.json b/2010/1xxx/CVE-2010-1314.json index dac595992dd..2b8eed41520 100644 --- a/2010/1xxx/CVE-2010-1314.json +++ b/2010/1xxx/CVE-2010-1314.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1314", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the Highslide JS (com_hsconfig) component 1.5 and 2.0.9 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1314", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1004-exploits/joomlahsconfig-lfi.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1004-exploits/joomlahsconfig-lfi.txt" - }, - { - "name" : "12086", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/12086" - }, - { - "name" : "39239", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39239" - }, - { - "name" : "39359", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39359" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "Directory traversal vulnerability in the Highslide JS (com_hsconfig) component 1.5 and 2.0.9 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12086", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/12086" + }, + { + "name": "http://packetstormsecurity.org/1004-exploits/joomlahsconfig-lfi.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1004-exploits/joomlahsconfig-lfi.txt" + }, + { + "name": "39239", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39239" + }, + { + "name": "39359", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39359" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1670.json b/2010/1xxx/CVE-2010-1670.json index ac6acca589c..3f1a4e6d0d9 100644 --- a/2010/1xxx/CVE-2010-1670.json +++ b/2010/1xxx/CVE-2010-1670.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1670", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 has improper configuration options for authentication plugins associated with logins that use the single sign-on (SSO) functionality, which allows remote attackers to bypass authentication via an empty password. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1670", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://wiki.mahara.org/Release_Notes/1.0.15", - "refsource" : "CONFIRM", - "url" : "http://wiki.mahara.org/Release_Notes/1.0.15" - }, - { - "name" : "http://wiki.mahara.org/Release_Notes/1.1.9", - "refsource" : "CONFIRM", - "url" : "http://wiki.mahara.org/Release_Notes/1.1.9" - }, - { - "name" : "http://wiki.mahara.org/Release_Notes/1.2.5", - "refsource" : "CONFIRM", - "url" : "http://wiki.mahara.org/Release_Notes/1.2.5" - }, - { - "name" : "41319", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41319" - }, - { - "name" : "40431", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/40431" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 has improper configuration options for authentication plugins associated with logins that use the single sign-on (SSO) functionality, which allows remote attackers to bypass authentication via an empty password. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://wiki.mahara.org/Release_Notes/1.1.9", + "refsource": "CONFIRM", + "url": "http://wiki.mahara.org/Release_Notes/1.1.9" + }, + { + "name": "http://wiki.mahara.org/Release_Notes/1.2.5", + "refsource": "CONFIRM", + "url": "http://wiki.mahara.org/Release_Notes/1.2.5" + }, + { + "name": "http://wiki.mahara.org/Release_Notes/1.0.15", + "refsource": "CONFIRM", + "url": "http://wiki.mahara.org/Release_Notes/1.0.15" + }, + { + "name": "40431", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40431" + }, + { + "name": "41319", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41319" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5160.json b/2010/5xxx/CVE-2010-5160.json index aa70da0132f..84034cf574b 100644 --- a/2010/5xxx/CVE-2010-5160.json +++ b/2010/5xxx/CVE-2010-5160.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5160", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Race condition in ESET Smart Security 4.2.35.3 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5160", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100505 KHOBE - 8.0 earthquake for Windows desktop security software", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html" - }, - { - "name" : "20100505 KHOBE - 8.0 earthquake for Windows desktop security software", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html" - }, - { - "name" : "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/", - "refsource" : "MISC", - "url" : "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/" - }, - { - "name" : "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php", - "refsource" : "MISC", - "url" : "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php" - }, - { - "name" : "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php", - "refsource" : "MISC", - "url" : "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php" - }, - { - "name" : "http://www.f-secure.com/weblog/archives/00001949.html", - "refsource" : "MISC", - "url" : "http://www.f-secure.com/weblog/archives/00001949.html" - }, - { - "name" : "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/", - "refsource" : "MISC", - "url" : "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/" - }, - { - "name" : 
"39924", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39924" - }, - { - "name" : "67660", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/67660" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Race condition in ESET Smart Security 4.2.35.3 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html" + }, + { + "name": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/", + "refsource": "MISC", + "url": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/" + }, + { + "name": "39924", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39924" + }, + { + "name": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php", + "refsource": "MISC", + "url": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php" + }, + { + "name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html" 
+ }, + { + "name": "67660", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/67660" + }, + { + "name": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/", + "refsource": "MISC", + "url": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/" + }, + { + "name": "http://www.f-secure.com/weblog/archives/00001949.html", + "refsource": "MISC", + "url": "http://www.f-secure.com/weblog/archives/00001949.html" + }, + { + "name": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php", + "refsource": "MISC", + "url": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5284.json b/2010/5xxx/CVE-2010-5284.json index 2c8573bd757..26772410a89 100644 --- a/2010/5xxx/CVE-2010-5284.json +++ b/2010/5xxx/CVE-2010-5284.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5284", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Collabtive 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) User parameter in the edit user profile feature to manageuser.php, (2) y parameter in a newcal action to manageajax.php, and the (3) pic parameter to thumb.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5284", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15240", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15240" - }, - { - "name" : "http://packetstormsecurity.org/1010-exploits/collabtive-xssxsrf.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1010-exploits/collabtive-xssxsrf.txt" - }, - { - "name" : "http://www.anatoliasecurity.com/adv/as-adv-2010-003.txt", - "refsource" : "MISC", - "url" : "http://www.anatoliasecurity.com/adv/as-adv-2010-003.txt" - }, - { - "name" : "44050", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44050" - }, - { - "name" : "41805", - "refsource" : "SECUNIA", - 
"url" : "http://secunia.com/advisories/41805" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Collabtive 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) User parameter in the edit user profile feature to manageuser.php, (2) y parameter in a newcal action to manageajax.php, and the (3) pic parameter to thumb.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44050", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44050" + }, + { + "name": "15240", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15240" + }, + { + "name": "http://packetstormsecurity.org/1010-exploits/collabtive-xssxsrf.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1010-exploits/collabtive-xssxsrf.txt" + }, + { + "name": "41805", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41805" + }, + { + "name": "http://www.anatoliasecurity.com/adv/as-adv-2010-003.txt", + "refsource": "MISC", + "url": "http://www.anatoliasecurity.com/adv/as-adv-2010-003.txt" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0106.json b/2014/0xxx/CVE-2014-0106.json index 2247b52f6cf..38b0a1e577f 100644 --- a/2014/0xxx/CVE-2014-0106.json +++ b/2014/0xxx/CVE-2014-0106.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0106", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0106", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140305 sudo: security policy bypass when env_reset is disabled", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/03/06/2" - }, - { - "name" : "http://www.sudo.ws/sudo/alerts/env_add.html", - "refsource" : "CONFIRM", - "url" : "http://www.sudo.ws/sudo/alerts/env_add.html" - }, - { - "name" : "https://support.apple.com/kb/HT205031", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT205031" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", - "refsource" : "CONFIRM", - "url" : 
"http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" - }, - { - "name" : "APPLE-SA-2015-08-13-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" - }, - { - "name" : "RHSA-2014:0266", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0266.html" - }, - { - "name" : "SUSE-SU-2014:0475", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00003.html" - }, - { - "name" : "USN-2146-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2146-1" - }, - { - "name" : "65997", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65997" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" + }, + { + "name": "http://www.sudo.ws/sudo/alerts/env_add.html", + "refsource": "CONFIRM", + "url": "http://www.sudo.ws/sudo/alerts/env_add.html" + }, + { + "name": "SUSE-SU-2014:0475", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00003.html" + }, + { + "name": "APPLE-SA-2015-08-13-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" + }, + { + "name": "USN-2146-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2146-1" + }, + { + "name": "RHSA-2014:0266", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0266.html" + }, + { + "name": "[oss-security] 20140305 sudo: security policy bypass when env_reset is disabled", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/03/06/2" + }, + { + "name": "https://support.apple.com/kb/HT205031", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT205031" + }, + { + "name": "65997", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65997" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0438.json b/2014/0xxx/CVE-2014-0438.json index 0d47f254140..e20a1301614 100644 --- a/2014/0xxx/CVE-2014-0438.json +++ b/2014/0xxx/CVE-2014-0438.json 
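Review bot: Inside what otherwise reads as a whitespace and ordering rewrite, this hunk changes a data value: `"ASSIGNER" : "cve@mitre.org"` becomes `"ASSIGNER": "secalert@redhat.com"` for CVE-2014-0106. The new value may well be the correct CNA, but `ASSIGNER` is the provenance field that downstream tooling uses for attribution, so a change to it should not ride along unannounced with a reformat. The same kind of change is in the sections for CVE-2014-0438 (`secalert_us@oracle.com`), CVE-2014-0913 (`psirt@us.ibm.com`), CVE-2014-5703 and CVE-2015-2904 (both `cert@cert.org`). The commit description is not visible here; if it does not already say so, I would either list these reassignments in it or move them into their own commit so that they can be reviewed against the CNA's records.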
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0438", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect confidentiality via unknown vectors related to Panel Processor." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-0438", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" - }, - { - "name" : "64758", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64758" - }, - { - "name" : "64887", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64887" - }, - { - "name" : "102043", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102043" - }, - { - "name" : "1029623", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029623" - }, - { - "name" : "56478", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/56478" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect confidentiality via unknown vectors related to Panel Processor." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "64887", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64887" + }, + { + "name": "102043", + "refsource": "OSVDB", + "url": "http://osvdb.org/102043" + }, + { + "name": "56478", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56478" + }, + { + "name": "1029623", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029623" + }, + { + "name": "64758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64758" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0913.json b/2014/0xxx/CVE-2014-0913.json index 5fe4ad99dfb..8d569c91b32 100644 --- a/2014/0xxx/CVE-2014-0913.json +++ b/2014/0xxx/CVE-2014-0913.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0913", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM iNotes and Domino 8.5.3 FP6 before IF2 and 9.0.1 before FP1 allows remote attackers to inject arbitrary web script or HTML via an e-mail message, aka SPR BFEY9GXHZE." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-0913", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21671981", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21671981" - }, - { - "name" : "1030215", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030215" - }, - { - "name" : "ibm-inotes-cve20140913-xss(91880)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91880" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IBM iNotes and Domino 8.5.3 FP6 before IF2 and 9.0.1 before FP1 allows 
remote attackers to inject arbitrary web script or HTML via an e-mail message, aka SPR BFEY9GXHZE." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1030215", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030215" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21671981", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671981" + }, + { + "name": "ibm-inotes-cve20140913-xss(91880)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91880" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0938.json b/2014/0xxx/CVE-2014-0938.json index 64b4a87c25b..d255fbc93e1 100644 --- a/2014/0xxx/CVE-2014-0938.json +++ b/2014/0xxx/CVE-2014-0938.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0938", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-0938", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2014/100xxx/CVE-2014-100030.json b/2014/100xxx/CVE-2014-100030.json index e4b7be56b8e..8060d36b95d 100644 --- a/2014/100xxx/CVE-2014-100030.json +++ b/2014/100xxx/CVE-2014-100030.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-100030", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in module/search/function.php in Ganesha Digital Library (GDL) 4.2 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a ByEge action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-100030", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/125464", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/125464" - }, - { - "name" : "57171", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57171" - }, - { - "name" : "ganesha-gdl-xss(91553)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91553" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in module/search/function.php in Ganesha Digital Library (GDL) 4.2 allows remote attackers to inject arbitrary web script or 
HTML via the keyword parameter in a ByEge action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ganesha-gdl-xss(91553)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91553" + }, + { + "name": "57171", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57171" + }, + { + "name": "http://packetstormsecurity.com/files/125464", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/125464" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5202.json b/2014/5xxx/CVE-2014-5202.json index 5d643475624..2430257eac0 100644 --- a/2014/5xxx/CVE-2014-5202.json +++ b/2014/5xxx/CVE-2014-5202.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5202", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in compfight-search.php in the Compfight plugin 1.4 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the search-value parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5202", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/127430/WordPress-Compfight-1.4-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/127430/WordPress-Compfight-1.4-Cross-Site-Scripting.html" - }, - { - "name" : "http://downloads.wordpress.org/plugin/compfight.1.5.zip", - "refsource" : "CONFIRM", - "url" : "http://downloads.wordpress.org/plugin/compfight.1.5.zip" - }, - { - "name" : "http://wordpress.org/plugins/compfight/changelog/", - "refsource" : "CONFIRM", - "url" : "http://wordpress.org/plugins/compfight/changelog/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "Cross-site scripting (XSS) vulnerability in compfight-search.php in the Compfight plugin 1.4 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the search-value parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://wordpress.org/plugins/compfight/changelog/", + "refsource": "CONFIRM", + "url": "http://wordpress.org/plugins/compfight/changelog/" + }, + { + "name": "http://packetstormsecurity.com/files/127430/WordPress-Compfight-1.4-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127430/WordPress-Compfight-1.4-Cross-Site-Scripting.html" + }, + { + "name": "http://downloads.wordpress.org/plugin/compfight.1.5.zip", + "refsource": "CONFIRM", + "url": "http://downloads.wordpress.org/plugin/compfight.1.5.zip" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5372.json b/2014/5xxx/CVE-2014-5372.json index a122a525c5f..24c14af30d2 100644 --- a/2014/5xxx/CVE-2014-5372.json +++ b/2014/5xxx/CVE-2014-5372.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5372", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5372", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5703.json b/2014/5xxx/CVE-2014-5703.json index 53fcc5f969c..68326b7893d 100644 --- a/2014/5xxx/CVE-2014-5703.json +++ b/2014/5xxx/CVE-2014-5703.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5703", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Slingo Lottery Challenge (aka com.slingo.slingolotterychallenge) application 1.0.34 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5703", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#679385", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/679385" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Slingo Lottery 
Challenge (aka com.slingo.slingolotterychallenge) application 1.0.34 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#679385", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/679385" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2235.json b/2015/2xxx/CVE-2015-2235.json index 79f1a09afc1..59de101f38b 100644 --- a/2015/2xxx/CVE-2015-2235.json +++ b/2015/2xxx/CVE-2015-2235.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2235", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-1067. Reason: This candidate is a duplicate of CVE-2015-1067. Notes: All CVE users should reference CVE-2015-1067 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-2235", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-1067. Reason: This candidate is a duplicate of CVE-2015-1067. Notes: All CVE users should reference CVE-2015-1067 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2904.json b/2015/2xxx/CVE-2015-2904.json index 14ae736b60c..627d0095079 100644 --- a/2015/2xxx/CVE-2015-2904.json +++ b/2015/2xxx/CVE-2015-2904.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2904", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Actiontec GT784WN modems with firmware before NCS01-1.0.13 have hardcoded credentials, which makes it easier for remote attackers to obtain root access by connecting to the web administration interface." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2015-2904", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#335192", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/335192" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Actiontec GT784WN modems with firmware before NCS01-1.0.13 have hardcoded credentials, which makes it easier for remote attackers to obtain root access by connecting to the web administration interface." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#335192", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/335192" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10115.json b/2016/10xxx/CVE-2016-10115.json index 2f2f9e62462..4d4287f147c 100644 --- a/2016/10xxx/CVE-2016-10115.json +++ b/2016/10xxx/CVE-2016-10115.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10115", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier have a default password of 12345678, which makes it easier for remote attackers to obtain access after a factory reset or in a factory configuration." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10115", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.newskysecurity.com/2016/09/factory_reset_vuln_in_netgear_arlo/", - "refsource" : "MISC", - "url" : "http://blog.newskysecurity.com/2016/09/factory_reset_vuln_in_netgear_arlo/" - }, - { - "name" : "http://kb.netgear.com/30731/Arlo-WiFi-Default-Password-Security-Vulnerability", - "refsource" : "MISC", - "url" : "http://kb.netgear.com/30731/Arlo-WiFi-Default-Password-Security-Vulnerability" - }, - { - "name" : "95265", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95265" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier have a default password of 12345678, which makes it easier for remote attackers to obtain access after a factory reset or in a factory configuration." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://kb.netgear.com/30731/Arlo-WiFi-Default-Password-Security-Vulnerability", + "refsource": "MISC", + "url": "http://kb.netgear.com/30731/Arlo-WiFi-Default-Password-Security-Vulnerability" + }, + { + "name": "http://blog.newskysecurity.com/2016/09/factory_reset_vuln_in_netgear_arlo/", + "refsource": "MISC", + "url": "http://blog.newskysecurity.com/2016/09/factory_reset_vuln_in_netgear_arlo/" + }, + { + "name": "95265", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95265" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10260.json b/2016/10xxx/CVE-2016-10260.json index 6dd87984c78..98f71bc6c90 100644 --- a/2016/10xxx/CVE-2016-10260.json +++ b/2016/10xxx/CVE-2016-10260.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10260", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10260", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10330.json b/2016/10xxx/CVE-2016-10330.json index 3fb9f7bb01b..2bbf7a45e04 100644 --- a/2016/10xxx/CVE-2016-10330.json +++ b/2016/10xxx/CVE-2016-10330.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@synology.com", - "ID" : "CVE-2016-10330", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Synology Photo Station", - "version" : { - "version_data" : [ - { - "version_value" : "All versions prior to version 6.5.3-3226" - } - ] - } - } - ] - }, - "vendor_name" : "Synology" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo Station before 6.5.3-3226 allows local users to write to arbitrary files via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Directory Traversal (CWE-22); Privilege Escalation (CWE-269)" - } + "CVE_data_meta": { + "ASSIGNER": "security@synology.com", + "ID": "CVE-2016-10330", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Synology Photo Station", + "version": { + "version_data": [ + { + "version_value": "All versions prior to version 6.5.3-3226" + } + ] + } + } + ] + }, + "vendor_name": "Synology" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160128 CVE request: Synology Photo Station command injection and privilege escalation", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2016/q1/236" - }, - { - "name" : "https://bamboofox.github.io/2017/03/20/Synology-Bug-Bounty-2016/#Vul-03-Read-Write-Arbitrary-Files", - "refsource" : "MISC", - "url" : "https://bamboofox.github.io/2017/03/20/Synology-Bug-Bounty-2016/#Vul-03-Read-Write-Arbitrary-Files" - }, - { - "name" : 
"https://bamboofox.github.io/2017/03/20/Synology-Bug-Bounty-2016/#Vul-04-Privilege-Escalation", - "refsource" : "MISC", - "url" : "https://bamboofox.github.io/2017/03/20/Synology-Bug-Bounty-2016/#Vul-04-Privilege-Escalation" - }, - { - "name" : "https://www.synology.com/en-global/support/security/Photo_Station_6_5_3_3226", - "refsource" : "CONFIRM", - "url" : "https://www.synology.com/en-global/support/security/Photo_Station_6_5_3_3226" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo Station before 6.5.3-3226 allows local users to write to arbitrary files via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Directory Traversal (CWE-22); Privilege Escalation (CWE-269)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bamboofox.github.io/2017/03/20/Synology-Bug-Bounty-2016/#Vul-04-Privilege-Escalation", + "refsource": "MISC", + "url": "https://bamboofox.github.io/2017/03/20/Synology-Bug-Bounty-2016/#Vul-04-Privilege-Escalation" + }, + { + "name": "https://bamboofox.github.io/2017/03/20/Synology-Bug-Bounty-2016/#Vul-03-Read-Write-Arbitrary-Files", + "refsource": "MISC", + "url": "https://bamboofox.github.io/2017/03/20/Synology-Bug-Bounty-2016/#Vul-03-Read-Write-Arbitrary-Files" + }, + { + "name": "https://www.synology.com/en-global/support/security/Photo_Station_6_5_3_3226", + "refsource": "CONFIRM", + "url": "https://www.synology.com/en-global/support/security/Photo_Station_6_5_3_3226" + }, + { + "name": "[oss-security] 20160128 CVE request: Synology Photo Station command injection and privilege escalation", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2016/q1/236" + } + ] + } +} \ No newline at end of file 
diff --git a/2016/10xxx/CVE-2016-10463.json b/2016/10xxx/CVE-2016-10463.json index 4d057724377..fc56ca07348 100644 --- a/2016/10xxx/CVE-2016-10463.json +++ b/2016/10xxx/CVE-2016-10463.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10463", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10463", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10710.json b/2016/10xxx/CVE-2016-10710.json index a5608ddeeea..6642af67bb3 100644 --- a/2016/10xxx/CVE-2016-10710.json +++ b/2016/10xxx/CVE-2016-10710.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10710", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Biscom Secure File Transfer (SFT) 5.0.1000 through 5.0.1048 does not validate the dataFieldId value, and uses sequential numbers, which allows remote authenticated users to overwrite or read files via crafted requests. Version 5.0.1050 contains the fix." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10710", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://threat.tevora.com/biscom-secure-file-transfer-arbitrary-file-download/", - "refsource" : "MISC", - "url" : "http://threat.tevora.com/biscom-secure-file-transfer-arbitrary-file-download/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Biscom Secure File Transfer (SFT) 5.0.1000 through 5.0.1048 does not validate the dataFieldId value, and uses sequential numbers, which allows remote authenticated users to overwrite or read files via crafted requests. Version 5.0.1050 contains the fix." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://threat.tevora.com/biscom-secure-file-transfer-arbitrary-file-download/", + "refsource": "MISC", + "url": "http://threat.tevora.com/biscom-secure-file-transfer-arbitrary-file-download/" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4520.json b/2016/4xxx/CVE-2016-4520.json index 39f3fbffadc..81c7d6c7e02 100644 --- a/2016/4xxx/CVE-2016-4520.json +++ b/2016/4xxx/CVE-2016-4520.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4520", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Schneider Electric Pelco Digital Sentry Video Management System with firmware before 7.14 has hardcoded credentials, which allows remote attackers to obtain access, and consequently execute arbitrary code, via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2016-4520", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-196-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-196-01" - }, - { - "name" : "http://www.schneider-electric.com/ww/en/download/document/SEVD-2016-153-01", - "refsource" : "CONFIRM", - "url" : "http://www.schneider-electric.com/ww/en/download/document/SEVD-2016-153-01" - }, - { - "name" : "91783", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91783" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Schneider Electric Pelco Digital Sentry Video 
Management System with firmware before 7.14 has hardcoded credentials, which allows remote attackers to obtain access, and consequently execute arbitrary code, via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-196-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-196-01" + }, + { + "name": "91783", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91783" + }, + { + "name": "http://www.schneider-electric.com/ww/en/download/document/SEVD-2016-153-01", + "refsource": "CONFIRM", + "url": "http://www.schneider-electric.com/ww/en/download/document/SEVD-2016-153-01" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8685.json b/2016/8xxx/CVE-2016-8685.json index ef232b06aa7..89748674f8c 100644 --- a/2016/8xxx/CVE-2016-8685.json +++ b/2016/8xxx/CVE-2016-8685.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8685", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The findnext function in decompose.c in potrace 1.13 allows remote attackers to cause a denial of service (invalid memory access and crash) via a crafted BMP image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8685", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161008 potrace: invalid memory access in findnext (decompose.c)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/08/17" - }, - { - "name" : "[oss-security] 20161015 Re: potrace: invalid memory access in findnext (decompose.c)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/16/9" - }, - { - "name" : "https://blogs.gentoo.org/ago/2016/08/29/potrace-invalid-memory-access-in-findnext-decompose-c/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2016/08/29/potrace-invalid-memory-access-in-findnext-decompose-c/" - }, - { - "name" : "93470", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93470" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The findnext function in decompose.c in potrace 1.13 allows remote attackers to cause a denial of service (invalid memory access and crash) via a crafted BMP image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93470", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93470" + }, + { + "name": "[oss-security] 20161008 potrace: invalid memory access in findnext (decompose.c)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/08/17" + }, + { + "name": "[oss-security] 20161015 Re: potrace: invalid memory access in findnext (decompose.c)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/16/9" + }, + { + "name": "https://blogs.gentoo.org/ago/2016/08/29/potrace-invalid-memory-access-in-findnext-decompose-c/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2016/08/29/potrace-invalid-memory-access-in-findnext-decompose-c/" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8692.json b/2016/8xxx/CVE-2016-8692.json index badbe84cd28..c8ebca6c2c0 100644 --- a/2016/8xxx/CVE-2016-8692.json +++ b/2016/8xxx/CVE-2016-8692.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8692", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted YRsiz value in a BMP image to the imginfo command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8692", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160823 Fuzzing jasper", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/08/23/6" - }, - { - "name" : "[oss-security] 20161015 Re: Fuzzing jasper", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/16/14" - }, - { - "name" : "https://blogs.gentoo.org/ago/2016/10/16/jasper-two-divide-by-zero-in-jpc_dec_process_siz-jpc_dec-c/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2016/10/16/jasper-two-divide-by-zero-in-jpc_dec_process_siz-jpc_dec-c/" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1385502", - "refsource" : "CONFIRM", - "url" : 
"https://bugzilla.redhat.com/show_bug.cgi?id=1385502" - }, - { - "name" : "https://github.com/mdadams/jasper/commit/d8c2604cd438c41ec72aff52c16ebd8183068020", - "refsource" : "CONFIRM", - "url" : "https://github.com/mdadams/jasper/commit/d8c2604cd438c41ec72aff52c16ebd8183068020" - }, - { - "name" : "DSA-3785", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3785" - }, - { - "name" : "FEDORA-2016-81f9c6f0ae", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/THLEZURI4D24PRM7SMASC5I25IAWXXTM/" - }, - { - "name" : "RHSA-2017:1208", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1208" - }, - { - "name" : "93588", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93588" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted YRsiz value in a BMP image to the imginfo command." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1385502", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1385502" + }, + { + "name": "DSA-3785", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3785" + }, + { + "name": "93588", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93588" + }, + { + "name": "RHSA-2017:1208", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1208" + }, + { + "name": "[oss-security] 20160823 Fuzzing jasper", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/08/23/6" + }, + { + "name": "FEDORA-2016-81f9c6f0ae", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/THLEZURI4D24PRM7SMASC5I25IAWXXTM/" + }, + { + "name": "https://blogs.gentoo.org/ago/2016/10/16/jasper-two-divide-by-zero-in-jpc_dec_process_siz-jpc_dec-c/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2016/10/16/jasper-two-divide-by-zero-in-jpc_dec_process_siz-jpc_dec-c/" + }, + { + "name": "https://github.com/mdadams/jasper/commit/d8c2604cd438c41ec72aff52c16ebd8183068020", + "refsource": "CONFIRM", + "url": "https://github.com/mdadams/jasper/commit/d8c2604cd438c41ec72aff52c16ebd8183068020" + }, + { + "name": "[oss-security] 20161015 Re: Fuzzing jasper", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/16/14" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8726.json b/2016/8xxx/CVE-2016-8726.json index 9c93fec15fa..567e8297fdb 100644 --- a/2016/8xxx/CVE-2016-8726.json +++ b/2016/8xxx/CVE-2016-8726.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "ID" : "CVE-2016-8726", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client", - "version" : { - "version_data" : [ - { - "version_value" : "1.1" - } - ] - } - } - ] - }, - "vendor_name" : "Moxa" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable null pointer dereference vulnerability exists in the Web Application /forms/web_runScript iw_filename functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. An HTTP POST request with a blank line in the header will cause a segmentation fault in the web server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Header Manipulation" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "ID": "CVE-2016-8726", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client", + "version": { + "version_data": [ + { + "version_value": "1.1" + } + ] + } + } + ] + }, + "vendor_name": "Moxa" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.talosintelligence.com/reports/TALOS-2016-0240/", - "refsource" : "MISC", - "url" : "http://www.talosintelligence.com/reports/TALOS-2016-0240/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable null pointer dereference vulnerability exists in the Web Application /forms/web_runScript iw_filename functionality of 
Moxa AWK-3131A Wireless Access Point running firmware 1.1. An HTTP POST request with a blank line in the header will cause a segmentation fault in the web server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Header Manipulation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.talosintelligence.com/reports/TALOS-2016-0240/", + "refsource": "MISC", + "url": "http://www.talosintelligence.com/reports/TALOS-2016-0240/" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9091.json b/2016/9xxx/CVE-2016-9091.json index 3cfab801c3c..a1b2f367c82 100644 --- a/2016/9xxx/CVE-2016-9091.json +++ b/2016/9xxx/CVE-2016-9091.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@symantec.com", - "ID" : "CVE-2016-9091", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Blue Coat ASG", - "version" : { - "version_data" : [ - { - "version_value" : "6.6 prior to 6.6.5.4" - } - ] - } - }, - { - "product_name" : "Blue Coat CAS", - "version" : { - "version_data" : [ - { - "version_value" : "1.3 prior to 1.3.7.4" - } - ] - } - } - ] - }, - "vendor_name" : "Symantec Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious administrator can execute arbitrary OS commands with elevated system privileges." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "OS command injection" - } + "CVE_data_meta": { + "ASSIGNER": "secure@symantec.com", + "ID": "CVE-2016-9091", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Blue Coat ASG", + "version": { + "version_data": [ + { + "version_value": "6.6 prior to 6.6.5.4" + } + ] + } + }, + { + "product_name": "Blue Coat CAS", + "version": { + "version_data": [ + { + "version_value": "1.3 prior to 1.3.7.4" + } + ] + } + } + ] + }, + "vendor_name": "Symantec Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41785", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41785/" - }, - { - "name" : "41786", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41786/" - }, - { - "name" : "https://bto.bluecoat.com/security-advisory/sa138", - "refsource" : "CONFIRM", - "url" : "https://bto.bluecoat.com/security-advisory/sa138" - }, - { - "name" : "97372", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97372" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious administrator can execute arbitrary OS commands with elevated system privileges." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS command injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97372", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97372" + }, + { + "name": "41785", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41785/" + }, + { + "name": "41786", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41786/" + }, + { + "name": "https://bto.bluecoat.com/security-advisory/sa138", + "refsource": "CONFIRM", + "url": "https://bto.bluecoat.com/security-advisory/sa138" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9115.json b/2016/9xxx/CVE-2016-9115.json index 514df5ff23b..a5dba1e9f38 100644 --- a/2016/9xxx/CVE-2016-9115.json +++ b/2016/9xxx/CVE-2016-9115.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9115", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9115", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/uclouvain/openjpeg/issues/858", - "refsource" : "MISC", - "url" : "https://github.com/uclouvain/openjpeg/issues/858" - }, - { - "name" : "GLSA-201710-26", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201710-26" - }, - { - "name" : "93977", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93977" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201710-26", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201710-26" + }, + { + "name": "93977", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93977" + }, + { + "name": "https://github.com/uclouvain/openjpeg/issues/858", + "refsource": "MISC", + "url": "https://github.com/uclouvain/openjpeg/issues/858" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9830.json b/2016/9xxx/CVE-2016-9830.json index 85d951b9f96..fe498a50f59 100644 --- a/2016/9xxx/CVE-2016-9830.json +++ b/2016/9xxx/CVE-2016-9830.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9830", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9830", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161204 Re: graphicsmagick: memory allocation failure in MagickRealloc (memory.c)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/12/05/5" - }, - { - "name" : "https://blogs.gentoo.org/ago/2016/12/01/graphicsmagick-memory-allocation-failure-in-magickrealloc-memory-c", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2016/12/01/graphicsmagick-memory-allocation-failure-in-magickrealloc-memory-c" - }, - { - "name" : "http://hg.code.sf.net/p/graphicsmagick/code/rev/38d0f281e8c8", - "refsource" : "CONFIRM", - "url" : "http://hg.code.sf.net/p/graphicsmagick/code/rev/38d0f281e8c8" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1401536", - "refsource" : "CONFIRM", - "url" : 
"https://bugzilla.redhat.com/show_bug.cgi?id=1401536" - }, - { - "name" : "DSA-3746", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3746" - }, - { - "name" : "openSUSE-SU-2016:3238", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-12/msg00141.html" - }, - { - "name" : "94625", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94625" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2016:3238", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00141.html" + }, + { + "name": "[oss-security] 20161204 Re: graphicsmagick: memory allocation failure in MagickRealloc (memory.c)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/12/05/5" + }, + { + "name": "94625", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94625" + }, + { + "name": "DSA-3746", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3746" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1401536", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1401536" + }, + { + "name": "https://blogs.gentoo.org/ago/2016/12/01/graphicsmagick-memory-allocation-failure-in-magickrealloc-memory-c", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2016/12/01/graphicsmagick-memory-allocation-failure-in-magickrealloc-memory-c" + }, + { + "name": 
"http://hg.code.sf.net/p/graphicsmagick/code/rev/38d0f281e8c8", + "refsource": "CONFIRM", + "url": "http://hg.code.sf.net/p/graphicsmagick/code/rev/38d0f281e8c8" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9886.json b/2016/9xxx/CVE-2016-9886.json index de2d65ddace..54d053a51b8 100644 --- a/2016/9xxx/CVE-2016-9886.json +++ b/2016/9xxx/CVE-2016-9886.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9886", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-9886", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2273.json b/2019/2xxx/CVE-2019-2273.json index 47135e0f3c4..160d922540b 100644 --- a/2019/2xxx/CVE-2019-2273.json +++ b/2019/2xxx/CVE-2019-2273.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2273", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2273", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2407.json b/2019/2xxx/CVE-2019-2407.json index 5ea83cf98bc..a2c6e05e50b 100644 --- a/2019/2xxx/CVE-2019-2407.json +++ b/2019/2xxx/CVE-2019-2407.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2019-2407", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Hospitality Reporting and Analytics", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "9.1.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker having Report privilege with logon to the infrastructure where Oracle Hospitality Reporting and Analytics executes to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker having Report privilege with logon to the infrastructure where Oracle Hospitality Reporting and Analytics executes to compromise Oracle Hospitality Reporting and Analytics. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Reporting and Analytics accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2019-2407", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality Reporting and Analytics", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "9.1.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "106576", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106576" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker having Report privilege with logon to the infrastructure where Oracle Hospitality Reporting and Analytics executes to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Reporting and Analytics accessible data. 
CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker having Report privilege with logon to the infrastructure where Oracle Hospitality Reporting and Analytics executes to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Reporting and Analytics accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + }, + { + "name": "106576", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106576" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2540.json b/2019/2xxx/CVE-2019-2540.json index b6515bcabc3..7dd9332c60c 100644 --- a/2019/2xxx/CVE-2019-2540.json +++ b/2019/2xxx/CVE-2019-2540.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2019-2540", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Java", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "Java Advanced Management Console: 2.12" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java Advanced Management Console. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java Advanced Management Console, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java Advanced Management Console accessible data as well as unauthorized read access to a subset of Java Advanced Management Console accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java Advanced Management Console. 
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java Advanced Management Console, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java Advanced Management Console accessible data as well as unauthorized read access to a subset of Java Advanced Management Console accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2019-2540", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Java Advanced Management Console: 2.12" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20190118-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20190118-0001/" - }, - { - "name" : "106578", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106578" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java Advanced Management Console. 
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java Advanced Management Console, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java Advanced Management Console accessible data as well as unauthorized read access to a subset of Java Advanced Management Console accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java Advanced Management Console. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java Advanced Management Console, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java Advanced Management Console accessible data as well as unauthorized read access to a subset of Java Advanced Management Console accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security.netapp.com/advisory/ntap-20190118-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20190118-0001/" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + }, + { + "name": "106578", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106578" + } + ] + } +} \ No newline at end of file 
diff --git a/2019/2xxx/CVE-2019-2883.json b/2019/2xxx/CVE-2019-2883.json index 6a842bc4f85..3637c014dcb 100644 --- a/2019/2xxx/CVE-2019-2883.json +++ b/2019/2xxx/CVE-2019-2883.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2883", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2883", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6025.json b/2019/6xxx/CVE-2019-6025.json index 1565d7a3c7d..08e7518055d 100644 --- a/2019/6xxx/CVE-2019-6025.json +++ b/2019/6xxx/CVE-2019-6025.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6025", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6025", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6207.json b/2019/6xxx/CVE-2019-6207.json index 1bb001f6328..6f572672b9c 100644 --- a/2019/6xxx/CVE-2019-6207.json +++ b/2019/6xxx/CVE-2019-6207.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6207", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6207", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6569.json b/2019/6xxx/CVE-2019-6569.json index 64b21638459..65722a7ef69 100644 --- a/2019/6xxx/CVE-2019-6569.json +++ b/2019/6xxx/CVE-2019-6569.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6569", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6569", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6631.json b/2019/6xxx/CVE-2019-6631.json index 13f3285e6ca..93758755512 100644 --- a/2019/6xxx/CVE-2019-6631.json +++ b/2019/6xxx/CVE-2019-6631.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6631", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6631", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7123.json b/2019/7xxx/CVE-2019-7123.json index 09c0208edac..412cf88cfa3 100644 --- a/2019/7xxx/CVE-2019-7123.json +++ b/2019/7xxx/CVE-2019-7123.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7123", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7123", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7291.json b/2019/7xxx/CVE-2019-7291.json index a09c26f4728..3b37e1291d5 100644 --- a/2019/7xxx/CVE-2019-7291.json +++ b/2019/7xxx/CVE-2019-7291.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7291", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7291", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7328.json b/2019/7xxx/CVE-2019-7328.json index b401dfece9c..25ed9f6e303 100644 --- a/2019/7xxx/CVE-2019-7328.json +++ b/2019/7xxx/CVE-2019-7328.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7328", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) via /js/frame.js.php because proper filtration is omitted." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7328", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ZoneMinder/zoneminder/issues/2449", - "refsource" : "MISC", - "url" : "https://github.com/ZoneMinder/zoneminder/issues/2449" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) via /js/frame.js.php because proper filtration is omitted." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ZoneMinder/zoneminder/issues/2449", + "refsource": "MISC", + "url": "https://github.com/ZoneMinder/zoneminder/issues/2449" + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7649.json b/2019/7xxx/CVE-2019-7649.json index d3ecbcd1996..4d5f8580035 100644 --- a/2019/7xxx/CVE-2019-7649.json +++ b/2019/7xxx/CVE-2019-7649.json 
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-7649",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "global.encryptPassword in bootstrap/global.js in CMSWing 1.3.7 relies on multiple MD5 operations for password hashing."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-7649",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/arterli/CmsWing/issues/41",
- "refsource" : "MISC",
- "url" : "https://github.com/arterli/CmsWing/issues/41"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "global.encryptPassword in bootstrap/global.js in CMSWing 1.3.7 relies on multiple MD5 operations for password hashing."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/arterli/CmsWing/issues/41",
+ "refsource": "MISC",
+ "url": "https://github.com/arterli/CmsWing/issues/41"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/7xxx/CVE-2019-7961.json b/2019/7xxx/CVE-2019-7961.json
index 3b4151d472c..10a5308201b 100644
--- a/2019/7xxx/CVE-2019-7961.json
+++ b/2019/7xxx/CVE-2019-7961.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-7961",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-7961",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file