From b12c3d4f79c11d1848b98f08f387f8f24cd62de5 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 21:47:30 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2007/0xxx/CVE-2007-0463.json | 210 +++++++++++----------- 2007/0xxx/CVE-2007-0492.json | 130 +++++++------- 2007/0xxx/CVE-2007-0562.json | 130 +++++++------- 2007/0xxx/CVE-2007-0613.json | 150 ++++++++-------- 2007/0xxx/CVE-2007-0854.json | 210 +++++++++++----------- 2007/1xxx/CVE-2007-1802.json | 160 ++++++++--------- 2007/3xxx/CVE-2007-3118.json | 180 +++++++++---------- 2007/3xxx/CVE-2007-3470.json | 200 ++++++++++----------- 2007/3xxx/CVE-2007-3625.json | 180 +++++++++---------- 2007/3xxx/CVE-2007-3951.json | 250 +++++++++++++------------- 2007/4xxx/CVE-2007-4014.json | 200 ++++++++++----------- 2007/4xxx/CVE-2007-4074.json | 190 ++++++++++---------- 2007/4xxx/CVE-2007-4178.json | 160 ++++++++--------- 2007/4xxx/CVE-2007-4362.json | 170 +++++++++--------- 2007/4xxx/CVE-2007-4706.json | 190 ++++++++++---------- 2007/4xxx/CVE-2007-4762.json | 170 +++++++++--------- 2014/100xxx/CVE-2014-100028.json | 150 ++++++++-------- 2014/5xxx/CVE-2014-5156.json | 34 ++-- 2014/5xxx/CVE-2014-5248.json | 130 +++++++------- 2014/5xxx/CVE-2014-5304.json | 34 ++-- 2014/5xxx/CVE-2014-5605.json | 140 +++++++-------- 2014/5xxx/CVE-2014-5791.json | 140 +++++++-------- 2015/2xxx/CVE-2015-2581.json | 120 ++++++------- 2015/2xxx/CVE-2015-2749.json | 170 +++++++++--------- 2015/2xxx/CVE-2015-2777.json | 34 ++-- 2015/2xxx/CVE-2015-2906.json | 140 +++++++-------- 2015/2xxx/CVE-2015-2927.json | 140 +++++++-------- 2015/6xxx/CVE-2015-6132.json | 140 +++++++-------- 2015/6xxx/CVE-2015-6392.json | 140 +++++++-------- 2015/6xxx/CVE-2015-6715.json | 140 +++++++-------- 2015/7xxx/CVE-2015-7316.json | 150 ++++++++-------- 2015/7xxx/CVE-2015-7660.json | 190 ++++++++++---------- 2016/0xxx/CVE-2016-0296.json | 148 ++++++++-------- 2016/0xxx/CVE-2016-0576.json | 130 +++++++------- 2016/10xxx/CVE-2016-10272.json | 140 +++++++-------- 2016/10xxx/CVE-2016-10475.json | 132 +++++++------- 2016/10xxx/CVE-2016-10624.json | 122 ++++++------- 2016/10xxx/CVE-2016-10722.json | 130 +++++++------- 2016/1xxx/CVE-2016-1084.json | 130 +++++++------- 2016/1xxx/CVE-2016-1660.json | 240 ++++++++++++------------- 2016/4xxx/CVE-2016-4070.json | 290 +++++++++++++++---------------- 2016/4xxx/CVE-2016-4381.json | 130 +++++++------- 2016/4xxx/CVE-2016-4432.json | 180 +++++++++---------- 2016/4xxx/CVE-2016-4547.json | 130 +++++++------- 2016/4xxx/CVE-2016-4917.json | 34 ++-- 2016/9xxx/CVE-2016-9265.json | 140 +++++++-------- 2016/9xxx/CVE-2016-9458.json | 34 ++-- 2019/2xxx/CVE-2019-2295.json | 34 ++-- 2019/2xxx/CVE-2019-2790.json | 34 ++-- 2019/3xxx/CVE-2019-3031.json | 34 ++-- 2019/3xxx/CVE-2019-3243.json | 34 ++-- 2019/3xxx/CVE-2019-3304.json | 34 ++-- 2019/3xxx/CVE-2019-3988.json | 34 ++-- 2019/6xxx/CVE-2019-6423.json | 34 ++-- 2019/6xxx/CVE-2019-6492.json | 34 ++-- 2019/6xxx/CVE-2019-6495.json | 34 ++-- 2019/6xxx/CVE-2019-6744.json | 34 ++-- 2019/6xxx/CVE-2019-6890.json | 34 ++-- 2019/7xxx/CVE-2019-7133.json | 34 ++-- 2019/7xxx/CVE-2019-7166.json | 34 ++-- 2019/7xxx/CVE-2019-7363.json | 34 ++-- 2019/7xxx/CVE-2019-7464.json | 34 ++-- 2019/7xxx/CVE-2019-7803.json | 34 ++-- 2019/8xxx/CVE-2019-8076.json | 34 ++-- 2019/8xxx/CVE-2019-8192.json | 34 ++-- 2019/8xxx/CVE-2019-8293.json | 34 ++-- 2019/8xxx/CVE-2019-8912.json | 130 +++++++------- 2019/8xxx/CVE-2019-8950.json | 130 +++++++------- 2019/9xxx/CVE-2019-9439.json | 34 ++-- 2019/9xxx/CVE-2019-9599.json | 130 +++++++------- 2019/9xxx/CVE-2019-9796.json | 34 ++-- 71 files changed, 4043 insertions(+), 4043 deletions(-) diff --git a/2007/0xxx/CVE-2007-0463.json b/2007/0xxx/CVE-2007-0463.json index 4e1e91b72ec..c9d02834afe 100644 --- a/2007/0xxx/CVE-2007-0463.json +++ b/2007/0xxx/CVE-2007-0463.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0463", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in Apple Software Update 2.0.5 on Mac OS X 10.4.8 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in (1) SWUTMP or (2) SUCATALOG filenames, or using the (3) application/x-apple.sucatalog+xml MIME type." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0463", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://projects.info-pull.com/moab/MOAB-24-01-2007.html", - "refsource" : "MISC", - "url" : "http://projects.info-pull.com/moab/MOAB-24-01-2007.html" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=305214", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=305214" - }, - { - "name" : "APPLE-SA-2007-03-13", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html" - }, - { - "name" : "TA07-072A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-072A.html" - }, - { - "name" : "22222", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22222" - }, - { - "name" : "ADV-2007-0337", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0337" - }, - { - "name" : "ADV-2007-0930", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0930" - }, - { - "name" : "32703", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/32703" - }, - { - "name" : "1017755", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1017755" - }, - { - "name" : "24479", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24479" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in Apple Software Update 2.0.5 on Mac OS X 10.4.8 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in (1) SWUTMP or (2) SUCATALOG filenames, or using the (3) application/x-apple.sucatalog+xml MIME type." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA07-072A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html" + }, + { + "name": "32703", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/32703" + }, + { + "name": "APPLE-SA-2007-03-13", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html" + }, + { + "name": "http://projects.info-pull.com/moab/MOAB-24-01-2007.html", + "refsource": "MISC", + "url": "http://projects.info-pull.com/moab/MOAB-24-01-2007.html" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=305214", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=305214" + }, + { + "name": "ADV-2007-0337", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0337" + }, + { + "name": "1017755", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1017755" + }, + { + "name": "ADV-2007-0930", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0930" + }, + { + "name": "22222", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22222" + }, + { + "name": "24479", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24479" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0492.json b/2007/0xxx/CVE-2007-0492.json index 29d048690af..ddbc247130c 100644 --- a/2007/0xxx/CVE-2007-0492.json +++ b/2007/0xxx/CVE-2007-0492.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0492", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in gallery.php in webSPELL 4.01.02 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) galleryID parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0492", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ADV-2007-0270", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0270" - }, - { - "name" : "webspell-gallery-sql-injection(31632)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31632" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in gallery.php in webSPELL 4.01.02 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) galleryID parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "webspell-gallery-sql-injection(31632)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31632" + }, + { + "name": "ADV-2007-0270", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0270" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0562.json b/2007/0xxx/CVE-2007-0562.json index b48d5ccfbf2..15989751e11 100644 --- a/2007/0xxx/CVE-2007-0562.json +++ b/2007/0xxx/CVE-2007-0562.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0562", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Windows Explorer (explorer.exe) 6.0.2900.2180 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted .avi file, which triggers the crash when the user right clicks on the file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0562", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3190", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3190" - }, - { - "name" : "43307", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/43307" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Windows Explorer (explorer.exe) 6.0.2900.2180 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted .avi file, which triggers the crash when the user right clicks on the file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3190", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3190" + }, + { + "name": "43307", + "refsource": "OSVDB", + "url": "http://osvdb.org/43307" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0613.json b/2007/0xxx/CVE-2007-0613.json index 939abd179e7..16c6f3c5280 100644 --- a/2007/0xxx/CVE-2007-0613.json +++ b/2007/0xxx/CVE-2007-0613.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0613", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 does not check for duplicate entries when adding newly discovered available contacts, which allows remote attackers to cause a denial of service (disrupted communication) via a flood of duplicate _presence._tcp mDNS queries." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0613", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://projects.info-pull.com/moab/MOAB-29-01-2007.html", - "refsource" : "MISC", - "url" : "http://projects.info-pull.com/moab/MOAB-29-01-2007.html" - }, - { - "name" : "22304", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22304" - }, - { - "name" : "32699", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/32699" - }, - { - "name" : "32698", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/32698" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 does not check for duplicate entries when adding newly discovered available contacts, which allows remote attackers to cause a denial of service (disrupted communication) via a flood of duplicate _presence._tcp mDNS queries." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32698", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/32698" + }, + { + "name": "http://projects.info-pull.com/moab/MOAB-29-01-2007.html", + "refsource": "MISC", + "url": "http://projects.info-pull.com/moab/MOAB-29-01-2007.html" + }, + { + "name": "22304", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22304" + }, + { + "name": "32699", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/32699" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0854.json b/2007/0xxx/CVE-2007-0854.json index 80ed7de16a1..c8a59336e30 100644 --- a/2007/0xxx/CVE-2007-0854.json +++ b/2007/0xxx/CVE-2007-0854.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0854", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Remote file inclusion vulnerability in scripts2/objcache in cPanel WebHost Manager (WHM) allows remote attackers to execute arbitrary code via a URL in the obj parameter. NOTE: a third party claims that this issue is not file inclusion because the contents are not parsed, but the attack can be used to overwrite files in /var/cpanel/objcache or provide unexpected web page contents." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0854", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070207 remote file include in whm (all version)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/459409/100/0/threaded" - }, - { - "name" : "20070208 Re: remote file include in whm (all version)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/459449/100/0/threaded" - }, - { - "name" : "http://changelog.cpanel.net/index.cgi", - "refsource" : "CONFIRM", - "url" : "http://changelog.cpanel.net/index.cgi" - }, - { - "name" : "22455", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22455" - }, - { - "name" : "ADV-2007-0545", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0545" - }, - { - "name" : "32043", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/32043" - }, - { - "name" : "33240", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/33240" - }, - { - "name" : "35750", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35750" - }, - { - "name" : "24097", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24097" - }, - { - "name" : "cpanel-webhost-objcache-xss(32400)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32400" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Remote file inclusion vulnerability in scripts2/objcache in cPanel WebHost Manager (WHM) allows remote attackers to execute arbitrary code via a URL in the obj parameter. NOTE: a third party claims that this issue is not file inclusion because the contents are not parsed, but the attack can be used to overwrite files in /var/cpanel/objcache or provide unexpected web page contents." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-0545", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0545" + }, + { + "name": "20070208 Re: remote file include in whm (all version)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/459449/100/0/threaded" + }, + { + "name": "cpanel-webhost-objcache-xss(32400)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32400" + }, + { + "name": "33240", + "refsource": "OSVDB", + "url": "http://osvdb.org/33240" + }, + { + "name": "http://changelog.cpanel.net/index.cgi", + "refsource": "CONFIRM", + "url": "http://changelog.cpanel.net/index.cgi" + }, + { + "name": "20070207 remote file include in whm (all version)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/459409/100/0/threaded" + }, + { + "name": "22455", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22455" + }, + { + "name": "32043", + "refsource": "OSVDB", + "url": "http://osvdb.org/32043" + }, + { + "name": "24097", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24097" + }, + { + "name": "35750", + "refsource": "OSVDB", + "url": "http://osvdb.org/35750" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1802.json b/2007/1xxx/CVE-2007-1802.json index c287ded624d..a962cafada3 100644 --- a/2007/1xxx/CVE-2007-1802.json +++ b/2007/1xxx/CVE-2007-1802.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1802", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in MailDwarf 3.01 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1802", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#40511721", - "refsource" : "JVN", - "url" : "http://jvn.jp/jp/JVN%2340511721/index.html" - }, - { - "name" : "23207", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23207" - }, - { - "name" : "ADV-2007-1166", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1166" - }, - { - "name" : "24681", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24681" - }, - { - "name" : "maildwarf-unspecified-xss(33322)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33322" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in MailDwarf 3.01 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-1166", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1166" + }, + { + "name": "24681", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24681" + }, + { + "name": "23207", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23207" + }, + { + "name": "maildwarf-unspecified-xss(33322)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33322" + }, + { + "name": "JVN#40511721", + "refsource": "JVN", + "url": "http://jvn.jp/jp/JVN%2340511721/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3118.json b/2007/3xxx/CVE-2007-3118.json index 40ad55c0d65..eb42c403271 100644 --- a/2007/3xxx/CVE-2007-3118.json +++ b/2007/3xxx/CVE-2007-3118.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3118", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in Kravchuk letter (K-letter) 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the scdir parameter to (1) action.php, (2) subs.php, or (3) unsubs.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3118", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4034", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4034" - }, - { - "name" : "24334", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24334" - }, - { - "name" : "ADV-2007-2091", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2091" - }, - { - "name" : "38797", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38797" - }, - { - "name" : "38798", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38798" - }, - { - "name" : "38799", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38799" - }, - { - "name" : "kletter-scdir-file-include(34738)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34738" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in Kravchuk letter (K-letter) 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the scdir parameter to (1) action.php, (2) subs.php, or (3) unsubs.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24334", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24334" + }, + { + "name": "kletter-scdir-file-include(34738)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34738" + }, + { + "name": "38797", + "refsource": "OSVDB", + "url": "http://osvdb.org/38797" + }, + { + "name": "38799", + "refsource": "OSVDB", + "url": "http://osvdb.org/38799" + }, + { + "name": "38798", + "refsource": "OSVDB", + "url": "http://osvdb.org/38798" + }, + { + "name": "ADV-2007-2091", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2091" + }, + { + "name": "4034", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4034" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3470.json b/2007/3xxx/CVE-2007-3470.json index 8eed18a7759..5d5b7697653 100644 --- a/2007/3xxx/CVE-2007-3470.json +++ b/2007/3xxx/CVE-2007-3470.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3470", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in the KSSL kernel module in Sun Solaris 10, when configured with the KSSL proxy, allow remote attackers to cause a denial of service (kernel panic) via unspecified vectors related to \"memory buffers\" of Secure Socket Layer (SSL) records." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3470", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-312.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-312.htm" - }, - { - "name" : "102918", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102918-1" - }, - { - "name" : "24686", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24686" - }, - { - "name" : "ADV-2007-2365", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2365" - }, - { - "name" : "36609", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36609" - }, - { - "name" : "oval:org.mitre.oval:def:9165", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9165" - }, - { - "name" : "1018322", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018322" - }, - { - "name" : "25863", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25863" - }, - { - "name" : "solaris-kssl-dos(35126)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35126" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in the KSSL kernel module in Sun Solaris 10, when configured with the KSSL proxy, allow remote attackers to cause a denial of service (kernel panic) via unspecified vectors related to \"memory buffers\" of Secure Socket Layer (SSL) records." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "solaris-kssl-dos(35126)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35126" + }, + { + "name": "oval:org.mitre.oval:def:9165", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9165" + }, + { + "name": "102918", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102918-1" + }, + { + "name": "ADV-2007-2365", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2365" + }, + { + "name": "25863", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25863" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-312.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-312.htm" + }, + { + "name": "36609", + "refsource": "OSVDB", + "url": "http://osvdb.org/36609" + }, + { + "name": "24686", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24686" + }, + { + "name": "1018322", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018322" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3625.json b/2007/3xxx/CVE-2007-3625.json index 165d5535f8b..5788dd4a5f1 100644 --- a/2007/3xxx/CVE-2007-3625.json +++ b/2007/3xxx/CVE-2007-3625.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3625", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Program Neighborhood Agent in Citrix Presentation Server Clients for 32-bit Windows before 10.100 allows remote attackers to cause a denial of service (agent exit) via a certain request that uses content redirection and a long pathname." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3625", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.citrix.com/article/CTX113543", - "refsource" : "CONFIRM", - "url" : "http://support.citrix.com/article/CTX113543" - }, - { - "name" : "24790", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24790" - }, - { - "name" : "37839", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37839" - }, - { - "name" : "ADV-2007-2455", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2455" - }, - { - "name" : "1018343", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018343" - }, - { - "name" : "25897", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25897" - }, - { - "name" : "citrix-content-redirection-dos(35283)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35283" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Program Neighborhood Agent in Citrix Presentation Server Clients for 32-bit Windows before 10.100 allows remote attackers to cause a denial of service (agent exit) via a certain request that uses content redirection and a long pathname." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1018343", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018343" + }, + { + "name": "24790", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24790" + }, + { + "name": "25897", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25897" + }, + { + "name": "http://support.citrix.com/article/CTX113543", + "refsource": "CONFIRM", + "url": "http://support.citrix.com/article/CTX113543" + }, + { + "name": "ADV-2007-2455", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2455" + }, + { + "name": "37839", + "refsource": "OSVDB", + "url": "http://osvdb.org/37839" + }, + { + "name": "citrix-content-redirection-dos(35283)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35283" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3951.json b/2007/3xxx/CVE-2007-3951.json index 0386c36b1e7..e41ba1824d8 100644 --- a/2007/3xxx/CVE-2007-3951.json +++ b/2007/3xxx/CVE-2007-3951.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3951", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in Norman Antivirus 5.90 allow remote attackers to execute arbitrary code via a crafted (1) ACE or (2) LZH file, resulting from an \"integer cast around.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3951", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070723 n.runs-SA-2007.020 - Norman Antivirus ACE parsing Arbitrary Code Execution Advisory", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/474423/100/0/threaded" - }, - { - "name" : "20070723 n.runs-SA-2007.021 - Norman Antivirus LZH parsing Arbitrary Code Execution Advisory", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/474432/100/0/threaded" - }, - { - "name" : "http://www.nruns.com/security_advisory_Norman_all_ace_buffer_overflow.php", - "refsource" : "MISC", - "url" : "http://www.nruns.com/security_advisory_Norman_all_ace_buffer_overflow.php" - }, - { - "name" : "http://www.nruns.com/security_advisory_norman_antivirus_lzh_buffer_overflow.php", - "refsource" : "MISC", - "url" : "http://www.nruns.com/security_advisory_norman_antivirus_lzh_buffer_overflow.php" - }, - { - "name" : "25003", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25003" - }, - { - "name" : "25015", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25015" - }, - { - "name" : "ADV-2007-2619", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2619" - }, - { - "name" : "37982", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37982" - }, - { - "name" : "37983", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37983" - }, - { - "name" : "1018438", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018438" - }, - { - "name" : "26178", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26178" - }, - { - "name" : "2912", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2912" - }, - { - "name" : "norman-ace-bo(35561)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35561" - }, - { - "name" : "norman-lzh-bo(35559)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35559" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in Norman Antivirus 5.90 allow remote attackers to execute arbitrary code via a crafted (1) ACE or (2) LZH file, resulting from an \"integer cast around.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37982", + "refsource": "OSVDB", + "url": "http://osvdb.org/37982" + }, + { + "name": "25003", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25003" + }, + { + "name": "37983", + "refsource": "OSVDB", + "url": "http://osvdb.org/37983" + }, + { + "name": "norman-ace-bo(35561)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35561" + }, + { + "name": "ADV-2007-2619", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2619" + }, + { + "name": "20070723 n.runs-SA-2007.020 - Norman Antivirus ACE parsing Arbitrary Code Execution Advisory", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/474423/100/0/threaded" + }, + { + "name": "http://www.nruns.com/security_advisory_norman_antivirus_lzh_buffer_overflow.php", + "refsource": "MISC", + "url": "http://www.nruns.com/security_advisory_norman_antivirus_lzh_buffer_overflow.php" + }, + { + "name": "norman-lzh-bo(35559)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35559" + }, + { + "name": "26178", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26178" + }, + { + "name": "http://www.nruns.com/security_advisory_Norman_all_ace_buffer_overflow.php", + "refsource": "MISC", + "url": "http://www.nruns.com/security_advisory_Norman_all_ace_buffer_overflow.php" + }, + { + "name": "25015", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25015" + }, + { + "name": "1018438", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018438" + }, + { + "name": "20070723 n.runs-SA-2007.021 - Norman Antivirus LZH parsing Arbitrary Code Execution Advisory", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/474432/100/0/threaded" + }, + { + "name": "2912", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2912" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4014.json b/2007/4xxx/CVE-2007-4014.json index 36fd0cdb916..2edae632212 100644 --- a/2007/4xxx/CVE-2007-4014.json +++ b/2007/4xxx/CVE-2007-4014.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4014", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in a certain index.php installation script related to the (1) Blix 0.9.1, (2) Blixed 1.0, and (3) BlixKrieg (Blix Krieg) 2.2 themes for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, possibly a related issue to CVE-2007-2757. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4014", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "24954", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24954" - }, - { - "name" : "37056", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/37056" - }, - { - "name" : "37057", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/37057" - }, - { - "name" : "26109", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26109" - }, - { - "name" : "26115", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26115" - }, - { - "name" : "26116", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26116" - }, - { - "name" : "blixed-wordpress-index-xss(35473)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35473" - }, - { - "name" : "bllix-wordpress-index-xss(35472)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35472" - }, - { - "name" : "blixkrieg-wordpress-index-xss(35474)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35474" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in a certain index.php installation script related to the (1) Blix 0.9.1, (2) Blixed 1.0, and (3) BlixKrieg (Blix Krieg) 2.2 themes for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, possibly a related issue to CVE-2007-2757. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37056", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/37056" + }, + { + "name": "blixkrieg-wordpress-index-xss(35474)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35474" + }, + { + "name": "26109", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26109" + }, + { + "name": "bllix-wordpress-index-xss(35472)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35472" + }, + { + "name": "26115", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26115" + }, + { + "name": "24954", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24954" + }, + { + "name": "37057", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/37057" + }, + { + "name": "26116", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26116" + }, + { + "name": "blixed-wordpress-index-xss(35473)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35473" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4074.json b/2007/4xxx/CVE-2007-4074.json index 10aba767d9d..55e0e757ea8 100644 --- a/2007/4xxx/CVE-2007-4074.json +++ b/2007/4xxx/CVE-2007-4074.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4074", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration of Centre for Speech Technology Research (CSTR) Festival 1.95 beta (aka 2.0 beta) on Gentoo Linux, SUSE Linux, and possibly other distributions, is run locally with elevated privileges without requiring authentication, which allows local and remote attackers to execute arbitrary commands via the local daemon on port 1314, a different vulnerability than CVE-2001-0956. NOTE: this issue is local in some environments, but remote on others." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4074", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080403 Medium security hole affecting Festival on Debian unstable/testing and Ubuntu Hardy Heron", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/490465/100/0/threaded" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=170477", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=170477" - }, - { - "name" : "GLSA-200707-10", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200707-10.xml" - }, - { - "name" : "SUSE-SR:2007:021", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html" - }, - { - "name" : "25069", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25069" - }, - { - "name" : "26229", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26229" - }, - { - "name" : "27271", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27271" - }, - { - "name" : "gentoo-festival-privilege-escalation(35606)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35606" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration of Centre for Speech Technology Research (CSTR) Festival 1.95 beta (aka 2.0 beta) on Gentoo Linux, SUSE Linux, and possibly other distributions, is run locally with elevated privileges without requiring authentication, which allows local and remote attackers to execute arbitrary commands via the local daemon on port 1314, a different vulnerability than CVE-2001-0956. NOTE: this issue is local in some environments, but remote on others." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27271", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27271" + }, + { + "name": "20080403 Medium security hole affecting Festival on Debian unstable/testing and Ubuntu Hardy Heron", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/490465/100/0/threaded" + }, + { + "name": "25069", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25069" + }, + { + "name": "GLSA-200707-10", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200707-10.xml" + }, + { + "name": "26229", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26229" + }, + { + "name": "gentoo-festival-privilege-escalation(35606)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35606" + }, + { + "name": "SUSE-SR:2007:021", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=170477", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=170477" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4178.json b/2007/4xxx/CVE-2007-4178.json index 85037d1de5c..71837a90412 100644 --- a/2007/4xxx/CVE-2007-4178.json +++ b/2007/4xxx/CVE-2007-4178.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4178", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in WebDirector 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the deslocal parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4178", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels-team.blogspot.com/2007/08/webdirector-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels-team.blogspot.com/2007/08/webdirector-xss-vuln.html" - }, - { - "name" : "25166", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25166" - }, - { - "name" : "ADV-2007-2765", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2765" - }, - { - "name" : "36439", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36439" - }, - { - "name" : "26315", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26315" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in WebDirector 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the deslocal parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26315", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26315" + }, + { + "name": "http://pridels-team.blogspot.com/2007/08/webdirector-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels-team.blogspot.com/2007/08/webdirector-xss-vuln.html" + }, + { + "name": "36439", + "refsource": "OSVDB", + "url": "http://osvdb.org/36439" + }, + { + "name": "25166", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25166" + }, + { + "name": "ADV-2007-2765", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2765" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4362.json b/2007/4xxx/CVE-2007-4362.json index 6ab16384c53..109d90bccc4 100644 --- a/2007/4xxx/CVE-2007-4362.json +++ b/2007/4xxx/CVE-2007-4362.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4362", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in category.php in Prozilla Webring allows remote attackers to execute arbitrary SQL commands via the cat parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4362", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4284", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4284" - }, - { - "name" : "25292", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25292" - }, - { - "name" : "ADV-2007-2877", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2877" - }, - { - "name" : "36420", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36420" - }, - { - "name" : "26446", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26446" - }, - { - "name" : "prozilla-category-sql-injection(35990)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35990" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in category.php in Prozilla Webring allows remote attackers to execute arbitrary SQL commands via the cat parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25292", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25292" + }, + { + "name": "36420", + "refsource": "OSVDB", + "url": "http://osvdb.org/36420" + }, + { + "name": "4284", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4284" + }, + { + "name": "26446", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26446" + }, + { + "name": "prozilla-category-sql-injection(35990)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35990" + }, + { + "name": "ADV-2007-2877", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2877" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4706.json b/2007/4xxx/CVE-2007-4706.json index 327a331c01a..2a0c27ef6b1 100644 --- a/2007/4xxx/CVE-2007-4706.json +++ b/2007/4xxx/CVE-2007-4706.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4706", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Apple QuickTime before 7.3.1 allows remote attackers to execute arbitrary code via a crafted QTL file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4706", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.info.apple.com/article.html?artnum=307176", - "refsource" : "MISC", - "url" : "http://docs.info.apple.com/article.html?artnum=307176" - }, - { - "name" : "APPLE-SA-2007-12-13", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00000.html" - }, - { - "name" : "26868", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26868" - }, - { - "name" : "ADV-2007-4217", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/4217" - }, - { - "name" : "40883", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/40883" - }, - { - "name" : "1019099", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019099" - }, - { - "name" : "28092", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28092" - }, - { - "name" : "quicktime-qtl-bo(39029)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39029" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Apple QuickTime before 7.3.1 allows remote attackers to execute arbitrary code via a crafted QTL file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26868", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26868" + }, + { + "name": "ADV-2007-4217", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/4217" + }, + { + "name": "quicktime-qtl-bo(39029)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39029" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=307176", + "refsource": "MISC", + "url": "http://docs.info.apple.com/article.html?artnum=307176" + }, + { + "name": "APPLE-SA-2007-12-13", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00000.html" + }, + { + "name": "40883", + "refsource": "OSVDB", + "url": "http://osvdb.org/40883" + }, + { + "name": "28092", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28092" + }, + { + "name": "1019099", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019099" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4762.json b/2007/4xxx/CVE-2007-4762.json index 15f4dba8206..03135a88d5b 100644 --- a/2007/4xxx/CVE-2007-4762.json +++ b/2007/4xxx/CVE-2007-4762.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4762", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in embadmin/login.asp in E-SMARTCART 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) pass fields, different vectors than CVE-2007-0092." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4762", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080124 E-SMART CART bypass", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/487055/100/200/threaded" - }, - { - "name" : "http://14house.blogspot.com/2007/09/e-smart-cart-sql-injection.html", - "refsource" : "MISC", - "url" : "http://14house.blogspot.com/2007/09/e-smart-cart-sql-injection.html" - }, - { - "name" : "25532", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25532" - }, - { - "name" : "27452", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27452" - }, - { - "name" : "38419", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38419" - }, - { - "name" : "esmartcart-login-sql-injection(39988)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39988" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in embadmin/login.asp in E-SMARTCART 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) pass fields, different vectors than CVE-2007-0092." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "esmartcart-login-sql-injection(39988)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39988" + }, + { + "name": "20080124 E-SMART CART bypass", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/487055/100/200/threaded" + }, + { + "name": "38419", + "refsource": "OSVDB", + "url": "http://osvdb.org/38419" + }, + { + "name": "27452", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27452" + }, + { + "name": "25532", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25532" + }, + { + "name": "http://14house.blogspot.com/2007/09/e-smart-cart-sql-injection.html", + "refsource": "MISC", + "url": "http://14house.blogspot.com/2007/09/e-smart-cart-sql-injection.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/100xxx/CVE-2014-100028.json b/2014/100xxx/CVE-2014-100028.json index 8a04e8c9d40..c610db56f0b 100644 --- a/2014/100xxx/CVE-2014-100028.json +++ b/2014/100xxx/CVE-2014-100028.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-100028", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in /signup in WEBCrafted allows remote attackers to inject arbitrary web script or HTML via the username." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-100028", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/124682", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/124682" - }, - { - "name" : "64681", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64681" - }, - { - "name" : "56307", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56307" - }, - { - "name" : "webcrafted-useraccount-xss(90140)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90140" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in /signup in WEBCrafted allows remote attackers to inject arbitrary web script or HTML via the username." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/124682", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/124682" + }, + { + "name": "webcrafted-useraccount-xss(90140)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90140" + }, + { + "name": "64681", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64681" + }, + { + "name": "56307", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56307" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5156.json b/2014/5xxx/CVE-2014-5156.json index 95cddb06695..c240be4a5ec 100644 --- a/2014/5xxx/CVE-2014-5156.json +++ b/2014/5xxx/CVE-2014-5156.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5156", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5156", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5248.json b/2014/5xxx/CVE-2014-5248.json index 14ef424d897..61c4525958b 100644 --- a/2014/5xxx/CVE-2014-5248.json +++ b/2014/5xxx/CVE-2014-5248.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5248", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in MyBB before 1.6.15 allows remote attackers to inject arbitrary web script or HTML via vectors related to video MyCode." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5248", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.mybb.com/2014/08/04/mybb-1-6-15-released-security-maintenance-release", - "refsource" : "CONFIRM", - "url" : "http://blog.mybb.com/2014/08/04/mybb-1-6-15-released-security-maintenance-release" - }, - { - "name" : "59707", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59707" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in MyBB before 1.6.15 allows remote attackers to inject arbitrary web script or HTML via vectors related to video MyCode." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "59707", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59707" + }, + { + "name": "http://blog.mybb.com/2014/08/04/mybb-1-6-15-released-security-maintenance-release", + "refsource": "CONFIRM", + "url": "http://blog.mybb.com/2014/08/04/mybb-1-6-15-released-security-maintenance-release" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5304.json b/2014/5xxx/CVE-2014-5304.json index 62224576a48..d6ce334fa18 100644 --- a/2014/5xxx/CVE-2014-5304.json +++ b/2014/5xxx/CVE-2014-5304.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5304", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5304", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5605.json b/2014/5xxx/CVE-2014-5605.json index def0583f22c..b81ea1434ae 100644 --- a/2014/5xxx/CVE-2014-5605.json +++ b/2014/5xxx/CVE-2014-5605.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5605", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The QQ Copy (aka com.digimobistudio.qqcopy) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5605", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#744857", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/744857" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The QQ Copy (aka com.digimobistudio.qqcopy) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#744857", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/744857" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5791.json b/2014/5xxx/CVE-2014-5791.json index 188ef753862..cd64c0290d7 100644 --- a/2014/5xxx/CVE-2014-5791.json +++ b/2014/5xxx/CVE-2014-5791.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5791", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Daum Cloud (aka net.daum.android.cloud) application 1.6.18 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5791", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#654041", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/654041" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Daum Cloud (aka net.daum.android.cloud) application 1.6.18 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#654041", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/654041" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2581.json b/2015/2xxx/CVE-2015-2581.json index 734a027db2e..077ac7f06e0 100644 --- a/2015/2xxx/CVE-2015-2581.json +++ b/2015/2xxx/CVE-2015-2581.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2581", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.1 and 5.2 allows remote attackers to affect confidentiality and availability via unknown vectors related to JServer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-2581", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.1 and 5.2 allows remote attackers to affect confidentiality and availability via unknown vectors related to JServer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2749.json b/2015/2xxx/CVE-2015-2749.json index 4e091e14f68..517085892e0 100644 --- a/2015/2xxx/CVE-2015-2749.json +++ b/2015/2xxx/CVE-2015-2749.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2749", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2749", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150326 Re: CVE requests for Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2015-001", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/03/26/4" - }, - { - "name" : "http://cgit.drupalcode.org/drupal/commit/?id=d2304f840c43c190c6e136ee9901ed9797b4c3ca", - "refsource" : "CONFIRM", - "url" : "http://cgit.drupalcode.org/drupal/commit/?id=d2304f840c43c190c6e136ee9901ed9797b4c3ca" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1204753", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1204753" - }, - { - "name" : "https://www.drupal.org/SA-CORE-2015-001", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/SA-CORE-2015-001" - }, - { - "name" : "DSA-3200", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3200" - }, - { - "name" : "73219", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73219" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://cgit.drupalcode.org/drupal/commit/?id=d2304f840c43c190c6e136ee9901ed9797b4c3ca", + "refsource": "CONFIRM", + "url": "http://cgit.drupalcode.org/drupal/commit/?id=d2304f840c43c190c6e136ee9901ed9797b4c3ca" + }, + { + "name": "DSA-3200", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3200" + }, + { + "name": "[oss-security] 20150326 Re: CVE requests for Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2015-001", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/03/26/4" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1204753", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1204753" + }, + { + "name": "73219", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73219" + }, + { + "name": "https://www.drupal.org/SA-CORE-2015-001", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/SA-CORE-2015-001" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2777.json b/2015/2xxx/CVE-2015-2777.json index feae7e71c4a..2e16c9df8ca 100644 --- a/2015/2xxx/CVE-2015-2777.json +++ b/2015/2xxx/CVE-2015-2777.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2777", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2777", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2906.json b/2015/2xxx/CVE-2015-2906.json index b2d9da6acef..735e72aa6e7 100644 --- a/2015/2xxx/CVE-2015-2906.json +++ b/2015/2xxx/CVE-2015-2906.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2906", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, store SSH private keys that are the same across different customers' installations, which makes it easier for remote attackers to obtain access by leveraging knowledge of a private key from another installation. NOTE: the vendor states \"This was a flaw for the developer/debugging devices (again not possible in production versions).\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2015-2906", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.usenix.org/conference/woot15/workshop-program/presentation/foster", - "refsource" : "MISC", - "url" : "https://www.usenix.org/conference/woot15/workshop-program/presentation/foster" - }, - { - "name" : "http://www.kb.cert.org/vuls/id/CKIG-9ZAQGX", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/CKIG-9ZAQGX" - }, - { - "name" : "VU#209512", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/209512" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, store SSH private keys that are the same across different customers' installations, which makes it easier for remote attackers to obtain access by leveraging knowledge of a private key from another installation. NOTE: the vendor states \"This was a flaw for the developer/debugging devices (again not possible in production versions).\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.kb.cert.org/vuls/id/CKIG-9ZAQGX", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/CKIG-9ZAQGX" + }, + { + "name": "https://www.usenix.org/conference/woot15/workshop-program/presentation/foster", + "refsource": "MISC", + "url": "https://www.usenix.org/conference/woot15/workshop-program/presentation/foster" + }, + { + "name": "VU#209512", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/209512" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2927.json b/2015/2xxx/CVE-2015-2927.json index ef45e806edd..4b2bfb7511c 100644 --- a/2015/2xxx/CVE-2015-2927.json +++ b/2015/2xxx/CVE-2015-2927.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2927", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "node 0.3.2 and URONode before 1.0.5r3 allows remote attackers to cause a denial of service (bandwidth consumption)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2927", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150406 Re: Request CVE for LinuxNode - DoS vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/04/06/3" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777013", - "refsource" : "MISC", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777013" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1209781", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1209781" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "node 0.3.2 and URONode before 1.0.5r3 allows remote attackers to cause a denial of service (bandwidth consumption)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1209781", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1209781" + }, + { + "name": "[oss-security] 20150406 Re: Request CVE for LinuxNode - DoS vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/04/06/3" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777013", + "refsource": "MISC", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777013" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6132.json b/2015/6xxx/CVE-2015-6132.json index 8c62e7690c2..21dd13cec6b 100644 --- a/2015/6xxx/CVE-2015-6132.json +++ b/2015/6xxx/CVE-2015-6132.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6132", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle library loading, which allows local users to gain privileges via a crafted application, aka \"Windows Library Loading Remote Code Execution Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-6132", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "38968", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/38968/" - }, - { - "name" : "MS15-132", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-132" - }, - { - "name" : "1034338", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034338" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle library loading, which allows local users to gain privileges via a crafted application, aka \"Windows Library Loading Remote Code Execution Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38968", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/38968/" + }, + { + "name": "1034338", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034338" + }, + { + "name": "MS15-132", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-132" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6392.json b/2015/6xxx/CVE-2015-6392.json index e4ba6c61e16..81cf7778a2d 100644 --- a/2015/6xxx/CVE-2015-6392.json +++ b/2015/6xxx/CVE-2015-6392.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6392", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via crafted IPv4 DHCP packets to the (1) DHCPv4 relay agent or (2) smart relay agent, aka Bug IDs CSCuq24603, CSCur93159, CSCus21693, and CSCut76171." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-6392", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20161005 Cisco NX-OS Software Crafted DHCPv4 Packet Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-dhcp1" - }, - { - "name" : "93406", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93406" - }, - { - "name" : "1036948", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036948" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via crafted IPv4 DHCP packets to the (1) DHCPv4 relay agent or (2) smart relay agent, aka Bug IDs CSCuq24603, CSCur93159, CSCus21693, and CSCut76171." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93406", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93406" + }, + { + "name": "20161005 Cisco NX-OS Software Crafted DHCPv4 Packet Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-dhcp1" + }, + { + "name": "1036948", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036948" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6715.json b/2015/6xxx/CVE-2015-6715.json index 085e114e9d4..46c2cd7314a 100644 --- a/2015/6xxx/CVE-2015-6715.json +++ b/2015/6xxx/CVE-2015-6715.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6715", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Function apply implementation in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-6707, CVE-2015-6708, CVE-2015-6709, CVE-2015-6710, CVE-2015-6711, CVE-2015-6712, CVE-2015-6713, CVE-2015-6714, CVE-2015-6716, CVE-2015-6717, CVE-2015-6718, CVE-2015-6719, CVE-2015-6720, CVE-2015-6721, CVE-2015-6722, CVE-2015-6723, CVE-2015-6724, CVE-2015-6725, CVE-2015-7614, CVE-2015-7616, CVE-2015-7618, CVE-2015-7619, CVE-2015-7620, and CVE-2015-7623." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-6715", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-491", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-491" - }, - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb15-24.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb15-24.html" - }, - { - "name" : "1033796", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033796" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Function apply implementation in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-6707, CVE-2015-6708, CVE-2015-6709, CVE-2015-6710, CVE-2015-6711, CVE-2015-6712, CVE-2015-6713, CVE-2015-6714, CVE-2015-6716, CVE-2015-6717, CVE-2015-6718, CVE-2015-6719, CVE-2015-6720, CVE-2015-6721, CVE-2015-6722, CVE-2015-6723, CVE-2015-6724, CVE-2015-6725, CVE-2015-7614, CVE-2015-7616, CVE-2015-7618, CVE-2015-7619, CVE-2015-7620, and CVE-2015-7623." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb15-24.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb15-24.html" + }, + { + "name": "1033796", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033796" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-491", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-491" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7316.json b/2015/7xxx/CVE-2015-7316.json index e5d6149e71d..8262135c95b 100644 --- a/2015/7xxx/CVE-2015-7316.json +++ b/2015/7xxx/CVE-2015-7316.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7316", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.x before 4.3.7, and 5.0rc1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-7316", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150922 Re: CVE Request: Plone XSS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/09/22/14" - }, - { - "name" : "https://github.com/plone/Products.CMFPlone/commit/3da710a2cd68587f0bf34f2e7ea1167d6eeee087", - "refsource" : "MISC", - "url" : "https://github.com/plone/Products.CMFPlone/commit/3da710a2cd68587f0bf34f2e7ea1167d6eeee087" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1264788", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1264788" - }, - { - "name" : "https://plone.org/security/hotfix/20150910/non-persistent-xss-in-plone", - "refsource" : "CONFIRM", - "url" : "https://plone.org/security/hotfix/20150910/non-persistent-xss-in-plone" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.x before 4.3.7, and 5.0rc1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20150922 Re: CVE Request: Plone XSS", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/09/22/14" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1264788", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264788" + }, + { + "name": "https://github.com/plone/Products.CMFPlone/commit/3da710a2cd68587f0bf34f2e7ea1167d6eeee087", + "refsource": "MISC", + "url": "https://github.com/plone/Products.CMFPlone/commit/3da710a2cd68587f0bf34f2e7ea1167d6eeee087" + }, + { + "name": "https://plone.org/security/hotfix/20150910/non-persistent-xss-in-plone", + "refsource": "CONFIRM", + "url": "https://plone.org/security/hotfix/20150910/non-persistent-xss-in-plone" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7660.json b/2015/7xxx/CVE-2015-7660.json index 8a922fcbb4d..7bdfa7a8207 100644 --- a/2015/7xxx/CVE-2015-7660.json +++ b/2015/7xxx/CVE-2015-7660.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7660", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via crafted setMask arguments, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-7660", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-565", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-565" - }, - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-28.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-28.html" - }, - { - "name" : "GLSA-201511-02", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201511-02" - }, - { - "name" : "RHSA-2015:2023", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-2023.html" - }, - { - "name" : "RHSA-2015:2024", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-2024.html" - }, - { - "name" : "openSUSE-SU-2015:1984", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-11/msg00071.html" - }, - { - "name" : "77533", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/77533" - }, - { - "name" : "1034111", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034111" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via crafted setMask arguments, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1034111", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034111" + }, + { + "name": "RHSA-2015:2024", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-2024.html" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-28.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-28.html" + }, + { + "name": "openSUSE-SU-2015:1984", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00071.html" + }, + { + "name": "GLSA-201511-02", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201511-02" + }, + { + "name": "77533", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/77533" + }, + { + "name": "RHSA-2015:2023", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-2023.html" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-565", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-565" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0296.json b/2016/0xxx/CVE-2016-0296.json index 82c2971f8ea..47504dd1c6a 100644 --- a/2016/0xxx/CVE-2016-0296.json +++ b/2016/0xxx/CVE-2016-0296.json @@ -1,76 +1,76 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-0296", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BigFix Platform", - "version" : { - "version_data" : [ - { - "version_value" : "9.0" - }, - { - "version_value" : "9.1" - }, - { - "version_value" : "9.2" - }, - { - "version_value" : "9.5" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive information in log files that could be available to a local user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-0296", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BigFix Platform", + "version": { + "version_data": [ + { + "version_value": "9.0" + }, + { + "version_value": "9.1" + }, + { + "version_value": "9.2" + }, + { + "version_value": "9.5" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21993213", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21993213" - }, - { - "name" : "94213", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94213" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive information in log files that could be available to a local user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21993213", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21993213" + }, + { + "name": "94213", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94213" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0576.json b/2016/0xxx/CVE-2016-0576.json index 0dde6ceda7b..bda8663ccfd 100644 --- a/2016/0xxx/CVE-2016-0576.json +++ b/2016/0xxx/CVE-2016-0576.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0576", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via vectors related to ICX LOVs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-0576", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" - }, - { - "name" : "1034726", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034726" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via vectors related to ICX LOVs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" + }, + { + "name": "1034726", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034726" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10272.json b/2016/10xxx/CVE-2016-10272.json index 32de6a58a91..0ba8dfad083 100644 --- a/2016/10xxx/CVE-2016-10272.json +++ b/2016/10xxx/CVE-2016-10272.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10272", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to \"WRITE of size 2048\" and libtiff/tif_next.c:64:9." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10272", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/" - }, - { - "name" : "https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a", - "refsource" : "MISC", - "url" : "https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a" - }, - { - "name" : "97197", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97197" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to \"WRITE of size 2048\" and libtiff/tif_next.c:64:9." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/" + }, + { + "name": "https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a", + "refsource": "MISC", + "url": "https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a" + }, + { + "name": "97197", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97197" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10475.json b/2016/10xxx/CVE-2016-10475.json index a3aa5cf7bf0..87b4b901e4a 100644 --- a/2016/10xxx/CVE-2016-10475.json +++ b/2016/10xxx/CVE-2016-10475.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2016-10475", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Mobile", - "version" : { - "version_data" : [ - { - "version_value" : "SD 210/SD 212/SD 205, SD 400, SD 430, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205, SD 400, SD 430, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, and SD 820, lack input validation may lead to a integer overflow that could potentially lead to a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Integer overflow to buffer overflow in RIL" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2016-10475", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Mobile", + "version": { + "version_data": [ + { + "version_value": "SD 210/SD 212/SD 205, SD 400, SD 430, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205, SD 400, SD 430, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, and SD 820, lack input validation may lead to a integer overflow that could potentially lead to a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Integer overflow to buffer overflow in RIL" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10624.json b/2016/10xxx/CVE-2016-10624.json index 58a5a6e96a2..30a00a89d0c 100644 --- a/2016/10xxx/CVE-2016-10624.json +++ b/2016/10xxx/CVE-2016-10624.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2016-10624", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "selenium-chromedriver node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "selenium-chromedriver is a simple utility for downloading the Selenium Webdriver for Google Chrome selenium-chromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Missing Encryption of Sensitive Data (CWE-311)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2016-10624", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "selenium-chromedriver node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nodesecurity.io/advisories/222", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/222" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "selenium-chromedriver is a simple utility for downloading the Selenium Webdriver for Google Chrome selenium-chromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing Encryption of Sensitive Data (CWE-311)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/222", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/222" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10722.json b/2016/10xxx/CVE-2016-10722.json index c20fbbde4db..270adcab06f 100644 --- a/2016/10xxx/CVE-2016-10722.json +++ b/2016/10xxx/CVE-2016-10722.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10722", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "partclone.fat in Partclone before 0.2.88 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the FAT superblock, related to the mark_reserved_sectors function. An attacker may be able to execute arbitrary code in the context of the user running the affected application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10722", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://david.gnedt.at/blog/2016/11/14/advisory-partclone-fat-bitmap-heap-overflow/", - "refsource" : "MISC", - "url" : "https://david.gnedt.at/blog/2016/11/14/advisory-partclone-fat-bitmap-heap-overflow/" - }, - { - "name" : "https://github.com/Thomas-Tsai/partclone/issues/71", - "refsource" : "MISC", - "url" : "https://github.com/Thomas-Tsai/partclone/issues/71" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "partclone.fat in Partclone before 0.2.88 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the FAT superblock, related to the mark_reserved_sectors function. An attacker may be able to execute arbitrary code in the context of the user running the affected application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://david.gnedt.at/blog/2016/11/14/advisory-partclone-fat-bitmap-heap-overflow/", + "refsource": "MISC", + "url": "https://david.gnedt.at/blog/2016/11/14/advisory-partclone-fat-bitmap-heap-overflow/" + }, + { + "name": "https://github.com/Thomas-Tsai/partclone/issues/71", + "refsource": "MISC", + "url": "https://github.com/Thomas-Tsai/partclone/issues/71" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1084.json b/2016/1xxx/CVE-2016-1084.json index 2200c9742a7..6734181bc57 100644 --- a/2016/1xxx/CVE-2016-1084.json +++ b/2016/1xxx/CVE-2016-1084.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1084", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-1084", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html" - }, - { - "name" : "1035828", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035828" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1035828", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035828" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1660.json b/2016/1xxx/CVE-2016-1660.json index e120b8b139f..c08b85f15c5 100644 --- a/2016/1xxx/CVE-2016-1660.json +++ b/2016/1xxx/CVE-2016-1660.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1660", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Blink, as used in Google Chrome before 50.0.2661.94, mishandles assertions in the WTF::BitArray and WTF::double_conversion::Vector classes, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2016-1660", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html" - }, - { - "name" : "https://codereview.chromium.org/1672603002", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/1672603002" - }, - { - "name" : "https://codereview.chromium.org/1677363002", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/1677363002" - }, - { - "name" : "https://crbug.com/574802", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/574802" - }, - { - "name" : "DSA-3564", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3564" - }, - { - "name" : "GLSA-201605-02", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201605-02" - }, - { - "name" : "RHSA-2016:0707", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0707.html" - }, - { - "name" : "openSUSE-SU-2016:1655", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html" - }, - { - "name" : "openSUSE-SU-2016:1207", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html" - }, - { - "name" : "openSUSE-SU-2016:1208", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html" - }, - { - "name" : "openSUSE-SU-2016:1209", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html" - }, - { - "name" : "USN-2960-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2960-1" - }, - { - "name" : "89106", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/89106" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Blink, as used in Google Chrome before 50.0.2661.94, mishandles assertions in the WTF::BitArray and WTF::double_conversion::Vector classes, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2016:1208", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html" + }, + { + "name": "https://crbug.com/574802", + "refsource": "CONFIRM", + "url": "https://crbug.com/574802" + }, + { + "name": "DSA-3564", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3564" + }, + { + "name": "openSUSE-SU-2016:1655", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html" + }, + { + "name": "openSUSE-SU-2016:1209", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html" + }, + { + "name": "USN-2960-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2960-1" + }, + { + "name": "https://codereview.chromium.org/1677363002", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/1677363002" + }, + { + "name": "89106", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/89106" + }, + { + "name": "openSUSE-SU-2016:1207", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html" + }, + { + "name": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html" + }, + { + "name": "RHSA-2016:0707", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0707.html" + }, + { + "name": "GLSA-201605-02", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201605-02" + }, + { + "name": "https://codereview.chromium.org/1672603002", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/1672603002" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4070.json b/2016/4xxx/CVE-2016-4070.json index 4216ed6b1ac..9b80318b9ab 100644 --- a/2016/4xxx/CVE-2016-4070.json +++ b/2016/4xxx/CVE-2016-4070.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4070", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function. NOTE: the vendor says \"Not sure if this qualifies as security issue (probably not).\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-4070", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160423 Re: CVE request: PHP issues fixed in 7.0.5, 5.6.20 and 5.5.34 releases", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/04/24/1" - }, - { - "name" : "http://www.php.net/ChangeLog-5.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-5.php" - }, - { - "name" : "http://www.php.net/ChangeLog-7.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-7.php" - }, - { - "name" : "https://bugs.php.net/bug.php?id=71798", - "refsource" : "CONFIRM", - "url" : "https://bugs.php.net/bug.php?id=71798" - }, - { - "name" : "https://git.php.net/?p=php-src.git;a=commit;h=95433e8e339dbb6b5d5541473c1661db6ba2c451", - "refsource" : "CONFIRM", - "url" : "https://git.php.net/?p=php-src.git;a=commit;h=95433e8e339dbb6b5d5541473c1661db6ba2c451" - }, - { - "name" : "https://support.apple.com/HT206567", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT206567" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" - }, - { - "name" : "APPLE-SA-2016-05-16-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/May/msg00004.html" - }, - { - "name" : "DSA-3560", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3560" - }, - { - "name" : "RHSA-2016:2750", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2750.html" - }, - { - "name" : "SUSE-SU-2016:1277", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00033.html" - }, - { - "name" : "openSUSE-SU-2016:1274", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00031.html" - }, - { - "name" : "openSUSE-SU-2016:1373", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00056.html" - }, - { - "name" : "USN-2952-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2952-1" - }, - { - "name" : "USN-2952-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2952-2" - }, - { - "name" : "85801", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/85801" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function. NOTE: the vendor says \"Not sure if this qualifies as security issue (probably not).\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2952-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2952-1" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149" + }, + { + "name": "http://www.php.net/ChangeLog-7.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-7.php" + }, + { + "name": "https://git.php.net/?p=php-src.git;a=commit;h=95433e8e339dbb6b5d5541473c1661db6ba2c451", + "refsource": "CONFIRM", + "url": "https://git.php.net/?p=php-src.git;a=commit;h=95433e8e339dbb6b5d5541473c1661db6ba2c451" + }, + { + "name": "https://support.apple.com/HT206567", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT206567" + }, + { + "name": "RHSA-2016:2750", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html" + }, + { + "name": "DSA-3560", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3560" + }, + { + "name": "USN-2952-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2952-2" + }, + { + "name": "APPLE-SA-2016-05-16-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00004.html" + }, + { + "name": "http://www.php.net/ChangeLog-5.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-5.php" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" + }, + { + "name": "https://bugs.php.net/bug.php?id=71798", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=71798" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731" + }, + { + "name": "openSUSE-SU-2016:1274", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00031.html" + }, + { + "name": "85801", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/85801" + }, + { + "name": "SUSE-SU-2016:1277", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00033.html" + }, + { + "name": "[oss-security] 20160423 Re: CVE request: PHP issues fixed in 7.0.5, 5.6.20 and 5.5.34 releases", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/04/24/1" + }, + { + "name": "openSUSE-SU-2016:1373", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00056.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4381.json b/2016/4xxx/CVE-2016-4381.json index 38828dd08a2..a7fe62bba0d 100644 --- a/2016/4xxx/CVE-2016-4381.json +++ b/2016/4xxx/CVE-2016-4381.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4381", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HPE XP7 Command View Advanced Edition (CVAE) Suite 6.x through 8.x before 8.4.1-02, when Replication Manager (RepMgr) and Device Manager (DevMgr) are enabled, allows local users to bypass intended access restrictions via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-4381", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05257711", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05257711" - }, - { - "name" : "92733", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92733" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HPE XP7 Command View Advanced Edition (CVAE) Suite 6.x through 8.x before 8.4.1-02, when Replication Manager (RepMgr) and Device Manager (DevMgr) are enabled, allows local users to bypass intended access restrictions via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05257711", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05257711" + }, + { + "name": "92733", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92733" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4432.json b/2016/4xxx/CVE-2016-4432.json index 00d9ed1301a..454faa05e80 100644 --- a/2016/4xxx/CVE-2016-4432.json +++ b/2016/4xxx/CVE-2016-4432.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4432", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication and consequently perform actions via vectors related to connection state logging." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-4432", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160527 [CVE-2016-4432] Apache Qpid Java Broker - authentication bypass", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/538508/100/0/threaded" - }, - { - "name" : "[qpid-users] 20160527 [CVE-2016-4432] Apache Qpid Java Broker - authentication bypass", - "refsource" : "MLIST", - "url" : "http://mail-archives.apache.org/mod_mbox/qpid-users/201605.mbox/%3CCAFEMS4tXDKYxKVMmU0zTb_7uzduoUS4_RePnUwz1tj%2BGQLNw5Q%40mail.gmail.com%3E" - }, - { - "name" : "http://packetstormsecurity.com/files/137216/Apache-Qpid-Java-Broker-6.0.2-Authentication-Bypass.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/137216/Apache-Qpid-Java-Broker-6.0.2-Authentication-Bypass.html" - }, - { - "name" : "https://issues.apache.org/jira/browse/QPID-7257", - "refsource" : "CONFIRM", - "url" : "https://issues.apache.org/jira/browse/QPID-7257" - }, - { - "name" : "https://svn.apache.org/viewvc?view=revision&revision=1743161", - "refsource" : "CONFIRM", - "url" : "https://svn.apache.org/viewvc?view=revision&revision=1743161" - }, - { - "name" : "https://svn.apache.org/viewvc?view=revision&revision=1743393", - "refsource" : "CONFIRM", - "url" : "https://svn.apache.org/viewvc?view=revision&revision=1743393" - }, - { - "name" : "1035983", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035983" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication and consequently perform actions via vectors related to connection state logging." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20160527 [CVE-2016-4432] Apache Qpid Java Broker - authentication bypass", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/538508/100/0/threaded" + }, + { + "name": "1035983", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035983" + }, + { + "name": "https://svn.apache.org/viewvc?view=revision&revision=1743393", + "refsource": "CONFIRM", + "url": "https://svn.apache.org/viewvc?view=revision&revision=1743393" + }, + { + "name": "https://svn.apache.org/viewvc?view=revision&revision=1743161", + "refsource": "CONFIRM", + "url": "https://svn.apache.org/viewvc?view=revision&revision=1743161" + }, + { + "name": "http://packetstormsecurity.com/files/137216/Apache-Qpid-Java-Broker-6.0.2-Authentication-Bypass.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/137216/Apache-Qpid-Java-Broker-6.0.2-Authentication-Bypass.html" + }, + { + "name": "[qpid-users] 20160527 [CVE-2016-4432] Apache Qpid Java Broker - authentication bypass", + "refsource": "MLIST", + "url": "http://mail-archives.apache.org/mod_mbox/qpid-users/201605.mbox/%3CCAFEMS4tXDKYxKVMmU0zTb_7uzduoUS4_RePnUwz1tj%2BGQLNw5Q%40mail.gmail.com%3E" + }, + { + "name": "https://issues.apache.org/jira/browse/QPID-7257", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/jira/browse/QPID-7257" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4547.json b/2016/4xxx/CVE-2016-4547.json index 9788b451b93..ae93734a5c3 100644 --- a/2016/4xxx/CVE-2016-4547.json +++ b/2016/4xxx/CVE-2016-4547.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4547", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Samsung devices with Android KK(4.4), L(5.0/5.1), or M(6.0) allow attackers to cause a denial of service (system crash) via a crafted system call to TvoutService_C." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-4547", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160505 Re: CVE request - samsumg android phone TvoutService_C binder service DoS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/05/06/2" - }, - { - "name" : "http://security.samsungmobile.com/smrupdate.html#SMR-FEB-2016", - "refsource" : "CONFIRM", - "url" : "http://security.samsungmobile.com/smrupdate.html#SMR-FEB-2016" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Samsung devices with Android KK(4.4), L(5.0/5.1), or M(6.0) allow attackers to cause a denial of service (system crash) via a crafted system call to TvoutService_C." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://security.samsungmobile.com/smrupdate.html#SMR-FEB-2016", + "refsource": "CONFIRM", + "url": "http://security.samsungmobile.com/smrupdate.html#SMR-FEB-2016" + }, + { + "name": "[oss-security] 20160505 Re: CVE request - samsumg android phone TvoutService_C binder service DoS", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/05/06/2" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4917.json b/2016/4xxx/CVE-2016-4917.json index fa2819a996f..4023c45a66a 100644 --- a/2016/4xxx/CVE-2016-4917.json +++ b/2016/4xxx/CVE-2016-4917.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4917", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-4917", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9265.json b/2016/9xxx/CVE-2016-9265.json index 6241d6361c8..ad8d8773e53 100644 --- a/2016/9xxx/CVE-2016-9265.json +++ b/2016/9xxx/CVE-2016-9265.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9265", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The printMP3Headers function in listmp3.c in Libming 0.4.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp3 file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9265", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161110 Re: libming: listmp3: divide-by-zero in printMP3Headers (listmp3.c)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/11/10/10" - }, - { - "name" : "https://blogs.gentoo.org/ago/2016/11/09/libming-listmp3-divide-by-zero-in-printmp3headers-list", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2016/11/09/libming-listmp3-divide-by-zero-in-printmp3headers-list" - }, - { - "name" : "94252", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94252" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The printMP3Headers function in listmp3.c in Libming 0.4.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp3 file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94252", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94252" + }, + { + "name": "[oss-security] 20161110 Re: libming: listmp3: divide-by-zero in printMP3Headers (listmp3.c)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/11/10/10" + }, + { + "name": "https://blogs.gentoo.org/ago/2016/11/09/libming-listmp3-divide-by-zero-in-printmp3headers-list", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2016/11/09/libming-listmp3-divide-by-zero-in-printmp3headers-list" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9458.json b/2016/9xxx/CVE-2016-9458.json index 5090fbc81ac..41bba2ea264 100644 --- a/2016/9xxx/CVE-2016-9458.json +++ b/2016/9xxx/CVE-2016-9458.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9458", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-9458", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2295.json b/2019/2xxx/CVE-2019-2295.json index 4682ea2117a..6f96523a6f0 100644 --- a/2019/2xxx/CVE-2019-2295.json +++ b/2019/2xxx/CVE-2019-2295.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2295", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2295", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2790.json b/2019/2xxx/CVE-2019-2790.json index f33dfebe9bb..da176d1b4bb 100644 --- a/2019/2xxx/CVE-2019-2790.json +++ b/2019/2xxx/CVE-2019-2790.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2790", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2790", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3031.json b/2019/3xxx/CVE-2019-3031.json index e8e55500b8c..ced327ce83c 100644 --- a/2019/3xxx/CVE-2019-3031.json +++ b/2019/3xxx/CVE-2019-3031.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3031", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3031", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3243.json b/2019/3xxx/CVE-2019-3243.json index 0565f2e0fb6..2c48e6283f6 100644 --- a/2019/3xxx/CVE-2019-3243.json +++ b/2019/3xxx/CVE-2019-3243.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3243", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3243", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3304.json b/2019/3xxx/CVE-2019-3304.json index a51156c4ef4..124ff263353 100644 --- a/2019/3xxx/CVE-2019-3304.json +++ b/2019/3xxx/CVE-2019-3304.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3304", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3304", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3988.json b/2019/3xxx/CVE-2019-3988.json index 5d0d4cf2000..811612bd941 100644 --- a/2019/3xxx/CVE-2019-3988.json +++ b/2019/3xxx/CVE-2019-3988.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3988", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3988", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6423.json b/2019/6xxx/CVE-2019-6423.json index 3488fb1418b..6339ea4d6e3 100644 --- a/2019/6xxx/CVE-2019-6423.json +++ b/2019/6xxx/CVE-2019-6423.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6423", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6423", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6492.json b/2019/6xxx/CVE-2019-6492.json index d3390b94f12..634de7459ee 100644 --- a/2019/6xxx/CVE-2019-6492.json +++ b/2019/6xxx/CVE-2019-6492.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6492", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6492", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6495.json b/2019/6xxx/CVE-2019-6495.json index 114f5f28223..818ddb2934f 100644 --- a/2019/6xxx/CVE-2019-6495.json +++ b/2019/6xxx/CVE-2019-6495.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6495", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6495", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6744.json b/2019/6xxx/CVE-2019-6744.json index 65131182323..ce6d755215d 100644 --- a/2019/6xxx/CVE-2019-6744.json +++ b/2019/6xxx/CVE-2019-6744.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6744", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6744", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6890.json b/2019/6xxx/CVE-2019-6890.json index 9a2db48b0db..63df4aca246 100644 --- a/2019/6xxx/CVE-2019-6890.json +++ b/2019/6xxx/CVE-2019-6890.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6890", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6890", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7133.json b/2019/7xxx/CVE-2019-7133.json index 23807d7fed7..3bd26d9beb2 100644 --- a/2019/7xxx/CVE-2019-7133.json +++ b/2019/7xxx/CVE-2019-7133.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7133", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7133", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7166.json b/2019/7xxx/CVE-2019-7166.json index 5b7927d95ce..9e93aedf5f7 100644 --- a/2019/7xxx/CVE-2019-7166.json +++ b/2019/7xxx/CVE-2019-7166.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7166", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7166", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7363.json b/2019/7xxx/CVE-2019-7363.json index 37588533dc6..3b99b64435c 100644 --- a/2019/7xxx/CVE-2019-7363.json +++ b/2019/7xxx/CVE-2019-7363.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7363", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7363", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7464.json b/2019/7xxx/CVE-2019-7464.json index f64416dd886..ce6b2f6b99b 100644 --- a/2019/7xxx/CVE-2019-7464.json +++ b/2019/7xxx/CVE-2019-7464.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7464", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7464", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7803.json b/2019/7xxx/CVE-2019-7803.json index b77029a5ade..4ea5f233c73 100644 --- a/2019/7xxx/CVE-2019-7803.json +++ b/2019/7xxx/CVE-2019-7803.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7803", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7803", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8076.json b/2019/8xxx/CVE-2019-8076.json index abf20894c22..0f0208020ee 100644 --- a/2019/8xxx/CVE-2019-8076.json +++ b/2019/8xxx/CVE-2019-8076.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8076", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8076", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8192.json b/2019/8xxx/CVE-2019-8192.json index 31b73d54535..7baaf9a09ec 100644 --- a/2019/8xxx/CVE-2019-8192.json +++ b/2019/8xxx/CVE-2019-8192.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8192", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8192", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8293.json b/2019/8xxx/CVE-2019-8293.json index a2f37ff5078..9cec1e8d3f3 100644 --- a/2019/8xxx/CVE-2019-8293.json +++ b/2019/8xxx/CVE-2019-8293.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8293", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8293", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8912.json b/2019/8xxx/CVE-2019-8912.json index 09c68378346..35591d279c3 100644 --- a/2019/8xxx/CVE-2019-8912.json +++ b/2019/8xxx/CVE-2019-8912.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8912", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8912", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://patchwork.ozlabs.org/patch/1042902/", - "refsource" : "MISC", - "url" : "http://patchwork.ozlabs.org/patch/1042902/" - }, - { - "name" : "107063", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/107063" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "107063", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/107063" + }, + { + "name": "http://patchwork.ozlabs.org/patch/1042902/", + "refsource": "MISC", + "url": "http://patchwork.ozlabs.org/patch/1042902/" + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8950.json b/2019/8xxx/CVE-2019-8950.json index 8b69dce5520..84f671c8b83 100644 --- a/2019/8xxx/CVE-2019-8950.json +++ b/2019/8xxx/CVE-2019-8950.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8950", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The backdoor account dnsekakf2$$ in /bin/login on DASAN H665 devices with firmware 1.46p1-0028 allows an attacker to login to the admin account via TELNET." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8950", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.burghardt.pl/2019/02/dasan-h665-has-vendor-backdoor-built-into-busyboxs-bin-login/", - "refsource" : "MISC", - "url" : "https://blog.burghardt.pl/2019/02/dasan-h665-has-vendor-backdoor-built-into-busyboxs-bin-login/" - }, - { - "name" : "https://seclists.org/bugtraq/2019/Feb/32", - "refsource" : "MISC", - "url" : "https://seclists.org/bugtraq/2019/Feb/32" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The backdoor account dnsekakf2$$ in /bin/login on DASAN H665 devices with firmware 1.46p1-0028 allows an attacker to login to the admin account via TELNET." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://seclists.org/bugtraq/2019/Feb/32", + "refsource": "MISC", + "url": "https://seclists.org/bugtraq/2019/Feb/32" + }, + { + "name": "https://blog.burghardt.pl/2019/02/dasan-h665-has-vendor-backdoor-built-into-busyboxs-bin-login/", + "refsource": "MISC", + "url": "https://blog.burghardt.pl/2019/02/dasan-h665-has-vendor-backdoor-built-into-busyboxs-bin-login/" + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9439.json b/2019/9xxx/CVE-2019-9439.json index af82c8b4a9d..7a75aaf1824 100644 --- a/2019/9xxx/CVE-2019-9439.json +++ b/2019/9xxx/CVE-2019-9439.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9439", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9439", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9599.json b/2019/9xxx/CVE-2019-9599.json index abb0c520375..13e0b23b3c3 100644 --- a/2019/9xxx/CVE-2019-9599.json +++ b/2019/9xxx/CVE-2019-9599.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9599", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The AirDroid application through 4.2.1.6 for Android allows remote attackers to cause a denial of service (service crash) via many simultaneous sdctl/comm/lite_auth/ requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9599", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "46337", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/46337" - }, - { - "name" : "https://www.youtube.com/watch?v=0QDM224_6DM", - "refsource" : "MISC", - "url" : "https://www.youtube.com/watch?v=0QDM224_6DM" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The AirDroid application through 4.2.1.6 for Android allows remote attackers to cause a denial of service (service crash) via many simultaneous sdctl/comm/lite_auth/ requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.youtube.com/watch?v=0QDM224_6DM", + "refsource": "MISC", + "url": "https://www.youtube.com/watch?v=0QDM224_6DM" + }, + { + "name": "46337", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/46337" + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9796.json b/2019/9xxx/CVE-2019-9796.json index 3f4d7e966d7..b3b6f292b19 100644 --- a/2019/9xxx/CVE-2019-9796.json +++ b/2019/9xxx/CVE-2019-9796.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9796", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9796", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file