From b272d490c77f38f94c39ae3a4a3bace24c310c94 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 00:15:30 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2007/0xxx/CVE-2007-0433.json | 160 +++++++++---------- 2007/0xxx/CVE-2007-0635.json | 200 ++++++++++++------------ 2007/2xxx/CVE-2007-2626.json | 160 +++++++++---------- 2007/3xxx/CVE-2007-3179.json | 150 +++++++++--------- 2007/3xxx/CVE-2007-3428.json | 140 ++++++++--------- 2007/3xxx/CVE-2007-3784.json | 190 +++++++++++------------ 2007/4xxx/CVE-2007-4064.json | 170 ++++++++++---------- 2007/4xxx/CVE-2007-4507.json | 120 +++++++-------- 2007/4xxx/CVE-2007-4837.json | 180 +++++++++++----------- 2007/6xxx/CVE-2007-6416.json | 180 +++++++++++----------- 2007/6xxx/CVE-2007-6458.json | 140 ++++++++--------- 2010/5xxx/CVE-2010-5052.json | 140 ++++++++--------- 2010/5xxx/CVE-2010-5143.json | 120 +++++++-------- 2014/1xxx/CVE-2014-1582.json | 240 ++++++++++++++--------------- 2014/1xxx/CVE-2014-1712.json | 34 ++-- 2014/1xxx/CVE-2014-1857.json | 34 ++-- 2014/5xxx/CVE-2014-5298.json | 160 +++++++++---------- 2014/5xxx/CVE-2014-5476.json | 34 ++-- 2015/2xxx/CVE-2015-2035.json | 180 +++++++++++----------- 2015/2xxx/CVE-2015-2070.json | 160 +++++++++---------- 2015/2xxx/CVE-2015-2096.json | 130 ++++++++-------- 2015/2xxx/CVE-2015-2272.json | 150 +++++++++--------- 2015/6xxx/CVE-2015-6251.json | 210 ++++++++++++------------- 2015/6xxx/CVE-2015-6266.json | 130 ++++++++-------- 2015/6xxx/CVE-2015-6395.json | 130 ++++++++-------- 2015/6xxx/CVE-2015-6959.json | 120 +++++++-------- 2016/0xxx/CVE-2016-0709.json | 170 ++++++++++---------- 2016/1000xxx/CVE-2016-1000244.json | 34 ++-- 2016/10xxx/CVE-2016-10053.json | 150 +++++++++--------- 2016/10xxx/CVE-2016-10172.json | 150 +++++++++--------- 2016/10xxx/CVE-2016-10465.json | 34 ++-- 2016/4xxx/CVE-2016-4061.json | 130 ++++++++-------- 2016/4xxx/CVE-2016-4083.json | 150 +++++++++--------- 2016/4xxx/CVE-2016-4271.json | 170 ++++++++++---------- 2016/4xxx/CVE-2016-4316.json | 160 +++++++++---------- 2016/4xxx/CVE-2016-4706.json | 150 +++++++++--------- 2016/4xxx/CVE-2016-4957.json | 240 ++++++++++++++--------------- 2016/8xxx/CVE-2016-8863.json | 170 ++++++++++---------- 2016/9xxx/CVE-2016-9144.json | 34 ++-- 2016/9xxx/CVE-2016-9161.json | 34 ++-- 2016/9xxx/CVE-2016-9178.json | 170 ++++++++++---------- 2016/9xxx/CVE-2016-9785.json | 34 ++-- 2019/2xxx/CVE-2019-2134.json | 34 ++-- 2019/2xxx/CVE-2019-2404.json | 148 +++++++++--------- 2019/2xxx/CVE-2019-2714.json | 34 ++-- 2019/3xxx/CVE-2019-3270.json | 34 ++-- 2019/3xxx/CVE-2019-3419.json | 34 ++-- 2019/3xxx/CVE-2019-3686.json | 34 ++-- 2019/3xxx/CVE-2019-3846.json | 34 ++-- 2019/6xxx/CVE-2019-6662.json | 34 ++-- 2019/6xxx/CVE-2019-6817.json | 34 ++-- 2019/6xxx/CVE-2019-6922.json | 34 ++-- 2019/7xxx/CVE-2019-7013.json | 34 ++-- 2019/7xxx/CVE-2019-7030.json | 34 ++-- 2019/7xxx/CVE-2019-7168.json | 120 +++++++-------- 2019/7xxx/CVE-2019-7490.json | 34 ++-- 2019/8xxx/CVE-2019-8106.json | 34 ++-- 2019/8xxx/CVE-2019-8161.json | 34 ++-- 2019/8xxx/CVE-2019-8677.json | 34 ++-- 59 files changed, 3260 insertions(+), 3260 deletions(-) diff --git a/2007/0xxx/CVE-2007-0433.json b/2007/0xxx/CVE-2007-0433.json index 62faa5c6337..b0add352fec 100644 --- a/2007/0xxx/CVE-2007-0433.json +++ b/2007/0xxx/CVE-2007-0433.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0433", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 SP1, and 2.2, when using Active Directory LDAP for authentication, allows remote authenticated users to access the server even after the account has been disabled." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0433", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "BEA07-154.00", - "refsource" : "BEA", - "url" : "http://dev2dev.bea.com/pub/advisory/221" - }, - { - "name" : "22082", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22082" - }, - { - "name" : "32861", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/32861" - }, - { - "name" : "1017524", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017524" - }, - { - "name" : "23786", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23786" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 SP1, and 2.2, when using Active Directory LDAP for authentication, allows remote authenticated users to access the server even after the account has been disabled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "BEA07-154.00", + "refsource": "BEA", + "url": "http://dev2dev.bea.com/pub/advisory/221" + }, + { + "name": "22082", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22082" + }, + { + "name": "23786", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23786" + }, + { + "name": "32861", + "refsource": "OSVDB", + "url": "http://osvdb.org/32861" + }, + { + "name": "1017524", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017524" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0635.json b/2007/0xxx/CVE-2007-0635.json index 7a7d4f16f94..bbb228d84e4 100644 --- a/2007/0xxx/CVE-2007-0635.json +++ b/2007/0xxx/CVE-2007-0635.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0635", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in EncapsCMS 0.3.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) config[path] parameter to (a) common_foot.php or (b) blogs.php, or (2) the config[theme] parameter to (c) admin/gallery_head.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0635", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070130 EncapsCMS 0.3.6 (common_foot.php) Remote File Include", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/458582/100/0/threaded" - }, - { - "name" : "22319", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22319" - }, - { - "name" : "ADV-2007-0430", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0430" - }, - { - "name" : "33034", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/33034" - }, - { - "name" : "33035", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/33035" - }, - { - "name" : "33036", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/33036" - }, - { - "name" : "23987", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23987" - }, - { - "name" : "2200", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2200" - }, - { - "name" : "encapsms-config-file-include(31978)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31978" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in EncapsCMS 0.3.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) config[path] parameter to (a) common_foot.php or (b) blogs.php, or (2) the config[theme] parameter to (c) admin/gallery_head.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-0430", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0430" + }, + { + "name": "33035", + "refsource": "OSVDB", + "url": "http://osvdb.org/33035" + }, + { + "name": "33034", + "refsource": "OSVDB", + "url": "http://osvdb.org/33034" + }, + { + "name": "22319", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22319" + }, + { + "name": "23987", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23987" + }, + { + "name": "encapsms-config-file-include(31978)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31978" + }, + { + "name": "2200", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2200" + }, + { + "name": "33036", + "refsource": "OSVDB", + "url": "http://osvdb.org/33036" + }, + { + "name": "20070130 EncapsCMS 0.3.6 (common_foot.php) Remote File Include", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/458582/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2626.json b/2007/2xxx/CVE-2007-2626.json index db711a15b9e..b6a0bbe576e 100644 --- a/2007/2xxx/CVE-2007-2626.json +++ b/2007/2xxx/CVE-2007-2626.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2626", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** SQL injection vulnerability in admin.php in SchoolBoard allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. NOTE: CVE disputes this issue, because 'username' does not exist, and the password is not used in any queries." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2626", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070503 SchoolBoard (admin.php) Remote Login Bypass SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/467486/100/0/threaded" - }, - { - "name" : "20070511 probably false: SchoolBoard (admin.php) SQL injection", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2007-May/001609.html" - }, - { - "name" : "23798", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23798" - }, - { - "name" : "36162", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36162" - }, - { - "name" : "2695", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2695" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** SQL injection vulnerability in admin.php in SchoolBoard allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. NOTE: CVE disputes this issue, because 'username' does not exist, and the password is not used in any queries." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070503 SchoolBoard (admin.php) Remote Login Bypass SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/467486/100/0/threaded" + }, + { + "name": "23798", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23798" + }, + { + "name": "36162", + "refsource": "OSVDB", + "url": "http://osvdb.org/36162" + }, + { + "name": "2695", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2695" + }, + { + "name": "20070511 probably false: SchoolBoard (admin.php) SQL injection", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2007-May/001609.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3179.json b/2007/3xxx/CVE-2007-3179.json index 9668a97641c..3c5f4912891 100644 --- a/2007/3xxx/CVE-2007-3179.json +++ b/2007/3xxx/CVE-2007-3179.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3179", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in archives.php in Particle Blogger 1.2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the month parameter and other unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3179", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070530 Particle Blogger 1.2.1 SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/469984/100/0/threaded" - }, - { - "name" : "37468", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37468" - }, - { - "name" : "2799", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2799" - }, - { - "name" : "particle-archives-sql-injection(34583)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34583" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in archives.php in Particle Blogger 1.2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the month parameter and other unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37468", + "refsource": "OSVDB", + "url": "http://osvdb.org/37468" + }, + { + "name": "2799", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2799" + }, + { + "name": "particle-archives-sql-injection(34583)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34583" + }, + { + "name": "20070530 Particle Blogger 1.2.1 SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/469984/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3428.json b/2007/3xxx/CVE-2007-3428.json index d267606e4d0..3e2485d9a7c 100644 --- a/2007/3xxx/CVE-2007-3428.json +++ b/2007/3xxx/CVE-2007-3428.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3428", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in phpTrafficA before 1.4.2 allow remote attackers to have an unknown impact via the file parameter to (1) plotStatBar.php or (2) plotStatPie.php, different vectors than CVE-2007-1076." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3428", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://soft.zoneo.net/phpTrafficA/news.php", - "refsource" : "CONFIRM", - "url" : "http://soft.zoneo.net/phpTrafficA/news.php" - }, - { - "name" : "43469", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/43469" - }, - { - "name" : "43470", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/43470" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in phpTrafficA before 1.4.2 allow remote attackers to have an unknown impact via the file parameter to (1) plotStatBar.php or (2) plotStatPie.php, different vectors than CVE-2007-1076." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43469", + "refsource": "OSVDB", + "url": "http://osvdb.org/43469" + }, + { + "name": "http://soft.zoneo.net/phpTrafficA/news.php", + "refsource": "CONFIRM", + "url": "http://soft.zoneo.net/phpTrafficA/news.php" + }, + { + "name": "43470", + "refsource": "OSVDB", + "url": "http://osvdb.org/43470" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3784.json b/2007/3xxx/CVE-2007-3784.json index 29049fb1438..76734474c6a 100644 --- a/2007/3xxx/CVE-2007-3784.json +++ b/2007/3xxx/CVE-2007-3784.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3784", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Belkin G Plus Router F5D7231-4 with firmware 4.05.03 allows remote attackers to inject arbitrary web script or HTML via a hostname of a DHCP client." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3784", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070710 Portcullis Computer Security Ltd - Advisories", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0179.html" - }, - { - "name" : "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/att-0179/Belkin_Router_fw_40503_xss_06_64.txt", - "refsource" : "MISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/att-0179/Belkin_Router_fw_40503_xss_06_64.txt" - }, - { - "name" : "http://www.portcullis-security.com/uplds/advisories/Belkin_Router_fw_40503_xss%2006_64.txt", - "refsource" : "MISC", - "url" : "http://www.portcullis-security.com/uplds/advisories/Belkin_Router_fw_40503_xss%2006_64.txt" - }, - { - "name" : "24881", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24881" - }, - { - "name" : "36361", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36361" - }, - { - "name" : "ADV-2007-2527", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2527" - }, - { - "name" : "26059", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26059" - }, - { - "name" : "belkin-gplus-hostname-xss(35380)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35380" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Belkin G Plus Router F5D7231-4 with firmware 4.05.03 allows remote attackers to inject arbitrary web script or HTML via a hostname of a DHCP client." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "belkin-gplus-hostname-xss(35380)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35380" + }, + { + "name": "26059", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26059" + }, + { + "name": "36361", + "refsource": "OSVDB", + "url": "http://osvdb.org/36361" + }, + { + "name": "ADV-2007-2527", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2527" + }, + { + "name": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/att-0179/Belkin_Router_fw_40503_xss_06_64.txt", + "refsource": "MISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/att-0179/Belkin_Router_fw_40503_xss_06_64.txt" + }, + { + "name": "24881", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24881" + }, + { + "name": "20070710 Portcullis Computer Security Ltd - Advisories", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0179.html" + }, + { + "name": "http://www.portcullis-security.com/uplds/advisories/Belkin_Router_fw_40503_xss%2006_64.txt", + "refsource": "MISC", + "url": "http://www.portcullis-security.com/uplds/advisories/Belkin_Router_fw_40503_xss%2006_64.txt" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4064.json b/2007/4xxx/CVE-2007-4064.json index 124fa9f7c47..20bb88cd663 100644 --- a/2007/4xxx/CVE-2007-4064.json +++ b/2007/4xxx/CVE-2007-4064.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4064", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x before 5.2, and 4.7.x before 4.7.7, (1) allow remote attackers to inject arbitrary web script or HTML via \"some server variables,\" including PHP_SELF; and (2) allow remote authenticated administrators to inject arbitrary web script or HTML via custom content type names." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4064", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/files/sa-2007-018/advisory.txt", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/files/sa-2007-018/advisory.txt" - }, - { - "name" : "25097", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25097" - }, - { - "name" : "ADV-2007-2697", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2697" - }, - { - "name" : "26224", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26224" - }, - { - "name" : "drupal-contenttype-xss(35637)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35637" - }, - { - "name" : "drupal-servervariable-xss(35638)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35638" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x before 5.2, and 4.7.x before 4.7.7, (1) allow remote attackers to inject arbitrary web script or HTML via \"some server variables,\" including PHP_SELF; and (2) allow remote authenticated administrators to inject arbitrary web script or HTML via custom content type names." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-2697", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2697" + }, + { + "name": "http://drupal.org/files/sa-2007-018/advisory.txt", + "refsource": "CONFIRM", + "url": "http://drupal.org/files/sa-2007-018/advisory.txt" + }, + { + "name": "25097", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25097" + }, + { + "name": "26224", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26224" + }, + { + "name": "drupal-contenttype-xss(35637)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35637" + }, + { + "name": "drupal-servervariable-xss(35638)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35638" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4507.json b/2007/4xxx/CVE-2007-4507.json index d13f154e28c..fc864909fad 100644 --- a/2007/4xxx/CVE-2007-4507.json +++ b/2007/4xxx/CVE-2007-4507.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4507", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in the php_ntuser component for PHP 5.2.3 allow context-dependent attackers to cause a denial of service or execute arbitrary code via long arguments to the (1) ntuser_getuserlist, (2) ntuser_getuserinfo, (3) ntuser_getusergroups, or (4) ntuser_getdomaincontroller functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4507", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4304", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4304" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in the php_ntuser component for PHP 5.2.3 allow context-dependent attackers to cause a denial of service or execute arbitrary code via long arguments to the (1) ntuser_getuserlist, (2) ntuser_getuserinfo, (3) ntuser_getusergroups, or (4) ntuser_getdomaincontroller functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4304", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4304" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4837.json b/2007/4xxx/CVE-2007-4837.json index 824f315d7e7..f4738a91a29 100644 --- a/2007/4xxx/CVE-2007-4837.json +++ b/2007/4xxx/CVE-2007-4837.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4837", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in anket.asp in Proxy Anket 3.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4837", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070909 Proxy Anket v3.0.1 Sql injection Vulnerable", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/478971/100/0/threaded" - }, - { - "name" : "http://yollubunlar.org/proxy-anket-v301-sql-injection-vulnerable-3502.html", - "refsource" : "MISC", - "url" : "http://yollubunlar.org/proxy-anket-v301-sql-injection-vulnerable-3502.html" - }, - { - "name" : "25613", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25613" - }, - { - "name" : "36939", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36939" - }, - { - "name" : "26735", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26735" - }, - { - "name" : "3121", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3121" - }, - { - "name" : "proxyanklet-anket-sql-injection(36515)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36515" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in anket.asp in Proxy Anket 3.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "proxyanklet-anket-sql-injection(36515)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36515" + }, + { + "name": "http://yollubunlar.org/proxy-anket-v301-sql-injection-vulnerable-3502.html", + "refsource": "MISC", + "url": "http://yollubunlar.org/proxy-anket-v301-sql-injection-vulnerable-3502.html" + }, + { + "name": "25613", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25613" + }, + { + "name": "3121", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3121" + }, + { + "name": "20070909 Proxy Anket v3.0.1 Sql injection Vulnerable", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/478971/100/0/threaded" + }, + { + "name": "26735", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26735" + }, + { + "name": "36939", + "refsource": "OSVDB", + "url": "http://osvdb.org/36939" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6416.json b/2007/6xxx/CVE-2007-6416.json index eb2267918a9..1c5d9efc406 100644 --- a/2007/6xxx/CVE-2007-6416.json +++ b/2007/6xxx/CVE-2007-6416.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6416", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The copy_to_user function in the PAL emulation functionality for Xen 3.1.2 and earlier, when running on ia64 systems, allows HVM guest users to access arbitrary physical memory by triggering certain mapping operations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6416", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://xenbits.xensource.com/ext/ia64/xen-unstable.hg?rev/e6069a715fd7", - "refsource" : "CONFIRM", - "url" : "http://xenbits.xensource.com/ext/ia64/xen-unstable.hg?rev/e6069a715fd7" - }, - { - "name" : "RHSA-2008:0089", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0089.html" - }, - { - "name" : "26954", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26954" - }, - { - "name" : "41344", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41344" - }, - { - "name" : "oval:org.mitre.oval:def:9840", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9840" - }, - { - "name" : "28146", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28146" - }, - { - "name" : "28643", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28643" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The copy_to_user function in the PAL emulation functionality for Xen 3.1.2 and earlier, when running on ia64 systems, allows HVM guest users to access arbitrary physical memory by triggering certain mapping operations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28643", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28643" + }, + { + "name": "oval:org.mitre.oval:def:9840", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9840" + }, + { + "name": "http://xenbits.xensource.com/ext/ia64/xen-unstable.hg?rev/e6069a715fd7", + "refsource": "CONFIRM", + "url": "http://xenbits.xensource.com/ext/ia64/xen-unstable.hg?rev/e6069a715fd7" + }, + { + "name": "26954", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26954" + }, + { + "name": "28146", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28146" + }, + { + "name": "41344", + "refsource": "OSVDB", + "url": "http://osvdb.org/41344" + }, + { + "name": "RHSA-2008:0089", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0089.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6458.json b/2007/6xxx/CVE-2007-6458.json index b64c033c8b9..e5075b3ecb8 100644 --- a/2007/6xxx/CVE-2007-6458.json +++ b/2007/6xxx/CVE-2007-6458.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6458", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in shop/mainfile.php in 123tkShop 0.9.1 allows remote attackers to execute arbitrary SQL commands via a base64-encoded value of the admin parameter to shop/admin.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6458", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4733", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4733" - }, - { - "name" : "26890", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26890" - }, - { - "name" : "43706", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/43706" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in shop/mainfile.php in 123tkShop 0.9.1 allows remote attackers to execute arbitrary SQL commands via a base64-encoded value of the admin parameter to shop/admin.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4733", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4733" + }, + { + "name": "26890", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26890" + }, + { + "name": "43706", + "refsource": "OSVDB", + "url": "http://osvdb.org/43706" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5052.json b/2010/5xxx/CVE-2010-5052.json index 2e1d2d6164c..7f866d58481 100644 --- a/2010/5xxx/CVE-2010-5052.json +++ b/2010/5xxx/CVE-2010-5052.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5052", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in admin/components.php in GetSimple CMS 2.01 allows remote attackers to inject arbitrary web script or HTML via the val[] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5052", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100525 XSS vulnerability in GetSimple CMS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/511458/100/0/threaded" - }, - { - "name" : "http://www.htbridge.ch/advisory/xss_vulnerability_in_getsimple_cms.html", - "refsource" : "MISC", - "url" : "http://www.htbridge.ch/advisory/xss_vulnerability_in_getsimple_cms.html" - }, - { - "name" : "40374", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40374" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in admin/components.php in GetSimple CMS 2.01 allows remote attackers to inject arbitrary web script or HTML via the val[] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100525 XSS vulnerability in GetSimple CMS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/511458/100/0/threaded" + }, + { + "name": "http://www.htbridge.ch/advisory/xss_vulnerability_in_getsimple_cms.html", + "refsource": "MISC", + "url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_getsimple_cms.html" + }, + { + "name": "40374", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40374" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5143.json b/2010/5xxx/CVE-2010-5143.json index c7cf44f5ff3..9983167190b 100644 --- a/2010/5xxx/CVE-2010-5143.json +++ b/2010/5xxx/CVE-2010-5143.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5143", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "McAfee VirusScan Enterprise before 8.8 allows local users to disable the product by leveraging administrative privileges to execute an unspecified Metasploit Framework module." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5143", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10014", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10014" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "McAfee VirusScan Enterprise before 8.8 allows local users to disable the product by leveraging administrative privileges to execute an unspecified Metasploit Framework module." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10014", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10014" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1582.json b/2014/1xxx/CVE-2014-1582.json index 8a356848e34..b415a61595c 100644 --- a/2014/1xxx/CVE-2014-1582.json +++ b/2014/1xxx/CVE-2014-1582.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1582", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 does not properly consider the connection-coalescing behavior of SPDY and HTTP/2 in the case of a shared IP address, which allows man-in-the-middle attackers to bypass an intended pinning configuration and spoof a web site by providing a valid certificate from an arbitrary recognized Certification Authority." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2014-1582", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2014/mfsa2014-80.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2014/mfsa2014-80.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1049095", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1049095" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "FEDORA-2014-13042", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141085.html" - }, - { - "name" : "FEDORA-2014-14084", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-November/141796.html" - }, - { - "name" : "GLSA-201504-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201504-01" - }, - { - "name" : "openSUSE-SU-2014:1344", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-11/msg00001.html" - }, - { - "name" : "openSUSE-SU-2014:1345", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-11/msg00002.html" - }, - { - "name" : "USN-2372-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2372-1" - }, - { - "name" : "70432", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70432" - }, - { - "name" : "1031028", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031028" - }, - { - "name" : "62022", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62022" - }, - { - "name" : "62023", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62023" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 does not properly consider the connection-coalescing behavior of SPDY and HTTP/2 in the case of a shared IP address, which allows man-in-the-middle attackers to bypass an intended pinning configuration and spoof a web site by providing a valid certificate from an arbitrary recognized Certification Authority." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1049095", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1049095" + }, + { + "name": "openSUSE-SU-2014:1344", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00001.html" + }, + { + "name": "FEDORA-2014-13042", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141085.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2014/mfsa2014-80.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-80.html" + }, + { + "name": "1031028", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031028" + }, + { + "name": "openSUSE-SU-2014:1345", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00002.html" + }, + { + "name": "GLSA-201504-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201504-01" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "FEDORA-2014-14084", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-November/141796.html" + }, + { + "name": "USN-2372-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2372-1" + }, + { + "name": "62022", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62022" + }, + { + "name": "62023", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62023" + }, + { + "name": "70432", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70432" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1712.json b/2014/1xxx/CVE-2014-1712.json index 6d14286c044..82a1192f722 100644 --- a/2014/1xxx/CVE-2014-1712.json +++ b/2014/1xxx/CVE-2014-1712.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1712", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1712", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1857.json b/2014/1xxx/CVE-2014-1857.json index a2701eb6eb2..910570b6dcd 100644 --- a/2014/1xxx/CVE-2014-1857.json +++ b/2014/1xxx/CVE-2014-1857.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1857", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1857", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5298.json b/2014/5xxx/CVE-2014-5298.json index f421dfbd387..fc53cd8334c 100644 --- a/2014/5xxx/CVE-2014-5298.json +++ b/2014/5xxx/CVE-2014-5298.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5298", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FileUploadsFilter.php in X2Engine 4.1.7 and earlier, when running on case-insensitive file systems, allows remote attackers to bypass the upload blacklist and conduct unrestricted file upload attacks by uploading a file with an executable extension that contains uppercase letters, as demonstrated using a PHP program." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5298", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140923 [KIS-2014-10] X2Engine <= 4.1.7 (FileUploadsFilter.php) Unrestricted File Upload Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/533514/100/0/threaded" - }, - { - "name" : "20140923 [KIS-2014-10] X2Engine <= 4.1.7 (FileUploadsFilter.php) Unrestricted File Upload Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Sep/78" - }, - { - "name" : "http://karmainsecurity.com/KIS-2014-10", - "refsource" : "MISC", - "url" : "http://karmainsecurity.com/KIS-2014-10" - }, - { - "name" : "http://packetstormsecurity.com/files/128353/X2Engine-4.1.7-Unrestricted-File-Upload.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/128353/X2Engine-4.1.7-Unrestricted-File-Upload.html" - }, - { - "name" : "https://github.com/X2Engine/X2Engine/blob/master/CHANGELOG.md", - "refsource" : "CONFIRM", - "url" : "https://github.com/X2Engine/X2Engine/blob/master/CHANGELOG.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FileUploadsFilter.php in X2Engine 4.1.7 and earlier, when running on case-insensitive file systems, allows remote attackers to bypass the upload blacklist and conduct unrestricted file upload attacks by uploading a file with an executable extension that contains uppercase letters, as demonstrated using a PHP program." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/128353/X2Engine-4.1.7-Unrestricted-File-Upload.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/128353/X2Engine-4.1.7-Unrestricted-File-Upload.html" + }, + { + "name": "20140923 [KIS-2014-10] X2Engine <= 4.1.7 (FileUploadsFilter.php) Unrestricted File Upload Vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Sep/78" + }, + { + "name": "20140923 [KIS-2014-10] X2Engine <= 4.1.7 (FileUploadsFilter.php) Unrestricted File Upload Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/533514/100/0/threaded" + }, + { + "name": "http://karmainsecurity.com/KIS-2014-10", + "refsource": "MISC", + "url": "http://karmainsecurity.com/KIS-2014-10" + }, + { + "name": "https://github.com/X2Engine/X2Engine/blob/master/CHANGELOG.md", + "refsource": "CONFIRM", + "url": "https://github.com/X2Engine/X2Engine/blob/master/CHANGELOG.md" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5476.json b/2014/5xxx/CVE-2014-5476.json index f3a0dff53ad..25ecefd5838 100644 --- a/2014/5xxx/CVE-2014-5476.json +++ b/2014/5xxx/CVE-2014-5476.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5476", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5476", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2035.json b/2015/2xxx/CVE-2015-2035.json index 38356ab6bd2..afab43a374f 100644 --- a/2015/2xxx/CVE-2015-2035.json +++ b/2015/2xxx/CVE-2015-2035.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2035", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the administrative backend in Piwigo before 2.7.4 allows remote administrators to execute arbitrary SQL commands via the user parameter in the history page to admin.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2035", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150218 Reflecting XSS- and SQL injection-vulnerabilities in the administrative backend of Piwigo <= v. 2.7.3", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Feb/73" - }, - { - "name" : "http://packetstormsecurity.com/files/130432/CMS-Piwigo-2.7.3-Cross-Site-Scripting-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/130432/CMS-Piwigo-2.7.3-Cross-Site-Scripting-SQL-Injection.html" - }, - { - "name" : "http://sroesemann.blogspot.de/2015/01/sroeadv-2015-06.html", - "refsource" : "MISC", - "url" : "http://sroesemann.blogspot.de/2015/01/sroeadv-2015-06.html" - }, - { - "name" : "http://sroesemann.blogspot.de/2015/02/report-for-advisory-sroeadv-2015-06.html", - "refsource" : "MISC", - "url" : "http://sroesemann.blogspot.de/2015/02/report-for-advisory-sroeadv-2015-06.html" - }, - { - "name" : "http://piwigo.org/forum/viewtopic.php?id=25179", - "refsource" : "CONFIRM", - "url" : "http://piwigo.org/forum/viewtopic.php?id=25179" - }, - { - "name" : "http://piwigo.org/releases/2.7.4", - "refsource" : "CONFIRM", - "url" : "http://piwigo.org/releases/2.7.4" - }, - { - "name" : "72689", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72689" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the administrative backend in Piwigo before 2.7.4 allows remote administrators to execute arbitrary SQL commands via the user parameter in the history page to admin.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sroesemann.blogspot.de/2015/01/sroeadv-2015-06.html", + "refsource": "MISC", + "url": "http://sroesemann.blogspot.de/2015/01/sroeadv-2015-06.html" + }, + { + "name": "20150218 Reflecting XSS- and SQL injection-vulnerabilities in the administrative backend of Piwigo <= v. 2.7.3", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Feb/73" + }, + { + "name": "http://packetstormsecurity.com/files/130432/CMS-Piwigo-2.7.3-Cross-Site-Scripting-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/130432/CMS-Piwigo-2.7.3-Cross-Site-Scripting-SQL-Injection.html" + }, + { + "name": "http://piwigo.org/releases/2.7.4", + "refsource": "CONFIRM", + "url": "http://piwigo.org/releases/2.7.4" + }, + { + "name": "http://piwigo.org/forum/viewtopic.php?id=25179", + "refsource": "CONFIRM", + "url": "http://piwigo.org/forum/viewtopic.php?id=25179" + }, + { + "name": "72689", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72689" + }, + { + "name": "http://sroesemann.blogspot.de/2015/02/report-for-advisory-sroeadv-2015-06.html", + "refsource": "MISC", + "url": "http://sroesemann.blogspot.de/2015/02/report-for-advisory-sroeadv-2015-06.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2070.json b/2015/2xxx/CVE-2015-2070.json index 6301a34cb99..b157d788034 100644 --- a/2015/2xxx/CVE-2015-2070.json +++ b/2015/2xxx/CVE-2015-2070.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2070", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote attackers to execute arbitrary SQL commands via the catId parameter to cm/blogrss/feed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2070", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "36089", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/36089" - }, - { - "name" : "20150213 eTouch SamePage v4.4.0.0.239 multiple vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Feb/47" - }, - { - "name" : "http://packetstormsecurity.com/files/130386/eTouch-Samepage-4.4.0.0.239-SQL-Injection-File-Read.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/130386/eTouch-Samepage-4.4.0.0.239-SQL-Injection-File-Read.html" - }, - { - "name" : "74883", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74883" - }, - { - "name" : "118356", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/118356" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote attackers to execute arbitrary SQL commands via the catId parameter to cm/blogrss/feed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/130386/eTouch-Samepage-4.4.0.0.239-SQL-Injection-File-Read.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/130386/eTouch-Samepage-4.4.0.0.239-SQL-Injection-File-Read.html" + }, + { + "name": "118356", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/118356" + }, + { + "name": "36089", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/36089" + }, + { + "name": "20150213 eTouch SamePage v4.4.0.0.239 multiple vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Feb/47" + }, + { + "name": "74883", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74883" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2096.json b/2015/2xxx/CVE-2015-2096.json index fc1c83bda58..ce2f384ed41 100644 --- a/2015/2xxx/CVE-2015-2096.json +++ b/2015/2xxx/CVE-2015-2096.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2096", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the Connect function in the WESPMonitor.WESPMonitorCtrl.1 ActiveX control in WebGate eDVR Manager allows remote attackers to execute arbitrary code via an invalid IP address and a page reload." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2096", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-069/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-069/" - }, - { - "name" : "72849", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72849" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the Connect function in the WESPMonitor.WESPMonitorCtrl.1 ActiveX control in WebGate eDVR Manager allows remote attackers to execute arbitrary code via an invalid IP address and a page reload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-069/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-069/" + }, + { + "name": "72849", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72849" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2272.json b/2015/2xxx/CVE-2015-2272.json index a37cf144829..46b77b235ca 100644 --- a/2015/2xxx/CVE-2015-2272.json +++ b/2015/2xxx/CVE-2015-2272.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2272", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "login/token.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass a forced-password-change requirement by creating a web-services token." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2272", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150316 Moodle security issues are now public", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2015/03/16/1" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48691", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48691" - }, - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=307386", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=307386" - }, - { - "name" : "73166", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73166" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "login/token.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass a forced-password-change requirement by creating a web-services token." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48691", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48691" + }, + { + "name": "https://moodle.org/mod/forum/discuss.php?d=307386", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=307386" + }, + { + "name": "73166", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73166" + }, + { + "name": "[oss-security] 20150316 Moodle security issues are now public", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2015/03/16/1" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6251.json b/2015/6xxx/CVE-2015-6251.json index 57d6b6b50d4..46ec2519125 100644 --- a/2015/6xxx/CVE-2015-6251.json +++ b/2015/6xxx/CVE-2015-6251.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6251", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-6251", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150810 CVE request: GNUTLS-SA-2015-3 double free in certificate DN decoding", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/08/10/1" - }, - { - "name" : "[oss-security] 20150817 Re: CVE request: GNUTLS-SA-2015-3 double free in certificate DN decoding", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/08/17/6" - }, - { - "name" : "http://www.gnutls.org/security.html#GNUTLS-SA-2015-3", - "refsource" : "CONFIRM", - "url" : "http://www.gnutls.org/security.html#GNUTLS-SA-2015-3" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1251902", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1251902" - }, - { - "name" : "https://gitlab.com/gnutls/gnutls/commit/272854367efc130fbd4f1a51840d80c630214e12", - "refsource" : "CONFIRM", - "url" : "https://gitlab.com/gnutls/gnutls/commit/272854367efc130fbd4f1a51840d80c630214e12" - }, - { - "name" : "DSA-3334", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3334" - }, - { - "name" : "FEDORA-2015-13287", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165286.html" - }, - { - "name" : "openSUSE-SU-2015:1499", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-09/msg00001.html" - }, - { - "name" : "76267", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76267" - }, - { - "name" : "1033226", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033226" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1251902", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1251902" + }, + { + "name": "openSUSE-SU-2015:1499", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00001.html" + }, + { + "name": "1033226", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033226" + }, + { + "name": "http://www.gnutls.org/security.html#GNUTLS-SA-2015-3", + "refsource": "CONFIRM", + "url": "http://www.gnutls.org/security.html#GNUTLS-SA-2015-3" + }, + { + "name": "[oss-security] 20150810 CVE request: GNUTLS-SA-2015-3 double free in certificate DN decoding", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/08/10/1" + }, + { + "name": "76267", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76267" + }, + { + "name": "FEDORA-2015-13287", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165286.html" + }, + { + "name": "https://gitlab.com/gnutls/gnutls/commit/272854367efc130fbd4f1a51840d80c630214e12", + "refsource": "CONFIRM", + "url": "https://gitlab.com/gnutls/gnutls/commit/272854367efc130fbd4f1a51840d80c630214e12" + }, + { + "name": "[oss-security] 20150817 Re: CVE request: GNUTLS-SA-2015-3 double free in certificate DN decoding", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/08/17/6" + }, + { + "name": "DSA-3334", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3334" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6266.json b/2015/6xxx/CVE-2015-6266.json index 0a847553f68..e159f120550 100644 --- a/2015/6xxx/CVE-2015-6266.json +++ b/2015/6xxx/CVE-2015-6266.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6266", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The guest portal in Cisco Identity Services Engine (ISE) 3300 1.2(0.899) does not restrict access to uploaded HTML documents, which allows remote attackers to obtain sensitive information from customized documents via a direct request, aka Bug ID CSCuo78045." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-6266", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150827 Cisco Identity Services Engine Guest Portal Unauthorized Access Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=40691" - }, - { - "name" : "1033405", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033405" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The guest portal in Cisco Identity Services Engine (ISE) 3300 1.2(0.899) does not restrict access to uploaded HTML documents, which allows remote attackers to obtain sensitive information from customized documents via a direct request, aka Bug ID CSCuo78045." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150827 Cisco Identity Services Engine Guest Portal Unauthorized Access Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=40691" + }, + { + "name": "1033405", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033405" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6395.json b/2015/6xxx/CVE-2015-6395.json index 3667216d7c3..4a66f4b3f9e 100644 --- a/2015/6xxx/CVE-2015-6395.json +++ b/2015/6xxx/CVE-2015-6395.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6395", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Prime Service Catalog 10.0, 10.0(R2), 10.1, and 11.0 does not properly restrict access to web pages, which allows remote attackers to modify the configuration via a direct request, aka Bug ID CSCuw48188." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-6395", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20151207 Cisco Prime Service Catalog Web Interface Unauthorized Access Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151207-psc" - }, - { - "name" : "1034313", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034313" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Prime Service Catalog 10.0, 10.0(R2), 10.1, and 11.0 does not properly restrict access to web pages, which allows remote attackers to modify the configuration via a direct request, aka Bug ID CSCuw48188." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20151207 Cisco Prime Service Catalog Web Interface Unauthorized Access Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151207-psc" + }, + { + "name": "1034313", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034313" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6959.json b/2015/6xxx/CVE-2015-6959.json index 6d422d31c3f..701944cf3e3 100644 --- a/2015/6xxx/CVE-2015-6959.json +++ b/2015/6xxx/CVE-2015-6959.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6959", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Vindula 1.9." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-6959", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.youtube.com/watch?v=-WXWqNBEQQc", - "refsource" : "MISC", - "url" : "https://www.youtube.com/watch?v=-WXWqNBEQQc" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Vindula 1.9." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.youtube.com/watch?v=-WXWqNBEQQc", + "refsource": "MISC", + "url": "https://www.youtube.com/watch?v=-WXWqNBEQQc" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0709.json b/2016/0xxx/CVE-2016-0709.json index a1e794b7108..a2af5ae229f 100644 --- a/2016/0xxx/CVE-2016-0709.json +++ b/2016/0xxx/CVE-2016-0709.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-0709", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed before 2.3.1 allows remote authenticated administrators to write to arbitrary files, and consequently execute arbitrary code, via a .. (dot dot) in a ZIP archive entry, as demonstrated by \"../../webapps/x.jsp.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-0709", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "39643", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/39643/" - }, - { - "name" : "[portals-jetspeed-user] 20160303 [CVE-2016-0709] Apache Jetspeed information disclosure vulnerability", - "refsource" : "MLIST", - "url" : "https://mail-archives.apache.org/mod_mbox/portals-jetspeed-user/201603.mbox/%3C281D02D0-6A03-4421-9D86-E73B001C8677@bluesunrise.com%3E" - }, - { - "name" : "http://haxx.ml/post/140552592371/remote-code-execution-in-apache-jetspeed-230-and", - "refsource" : "MISC", - "url" : "http://haxx.ml/post/140552592371/remote-code-execution-in-apache-jetspeed-230-and" - }, - { - "name" : "http://packetstormsecurity.com/files/136489/Apache-Jetspeed-Arbitrary-File-Upload.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/136489/Apache-Jetspeed-Arbitrary-File-Upload.html" - }, - { - "name" : "http://www.rapid7.com/db/modules/exploit/multi/http/apache_jetspeed_file_upload", - "refsource" : "MISC", - "url" : "http://www.rapid7.com/db/modules/exploit/multi/http/apache_jetspeed_file_upload" - }, - { - "name" : "https://portals.apache.org/jetspeed-2/security-reports.html#CVE-2016-0709", - "refsource" : "CONFIRM", - "url" : "https://portals.apache.org/jetspeed-2/security-reports.html#CVE-2016-0709" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed before 2.3.1 allows remote authenticated administrators to write to arbitrary files, and consequently execute arbitrary code, via a .. (dot dot) in a ZIP archive entry, as demonstrated by \"../../webapps/x.jsp.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39643", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/39643/" + }, + { + "name": "https://portals.apache.org/jetspeed-2/security-reports.html#CVE-2016-0709", + "refsource": "CONFIRM", + "url": "https://portals.apache.org/jetspeed-2/security-reports.html#CVE-2016-0709" + }, + { + "name": "[portals-jetspeed-user] 20160303 [CVE-2016-0709] Apache Jetspeed information disclosure vulnerability", + "refsource": "MLIST", + "url": "https://mail-archives.apache.org/mod_mbox/portals-jetspeed-user/201603.mbox/%3C281D02D0-6A03-4421-9D86-E73B001C8677@bluesunrise.com%3E" + }, + { + "name": "http://haxx.ml/post/140552592371/remote-code-execution-in-apache-jetspeed-230-and", + "refsource": "MISC", + "url": "http://haxx.ml/post/140552592371/remote-code-execution-in-apache-jetspeed-230-and" + }, + { + "name": "http://www.rapid7.com/db/modules/exploit/multi/http/apache_jetspeed_file_upload", + "refsource": "MISC", + "url": "http://www.rapid7.com/db/modules/exploit/multi/http/apache_jetspeed_file_upload" + }, + { + "name": "http://packetstormsecurity.com/files/136489/Apache-Jetspeed-Arbitrary-File-Upload.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/136489/Apache-Jetspeed-Arbitrary-File-Upload.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/1000xxx/CVE-2016-1000244.json b/2016/1000xxx/CVE-2016-1000244.json index 4bdf2bcd72d..4acd2ff8086 100644 --- a/2016/1000xxx/CVE-2016-1000244.json +++ b/2016/1000xxx/CVE-2016-1000244.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1000244", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-1000244", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10053.json b/2016/10xxx/CVE-2016-10053.json index 1dd429b1c1a..e5dc65ae5a3 100644 --- a/2016/10xxx/CVE-2016-10053.json +++ b/2016/10xxx/CVE-2016-10053.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10053", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The WriteTIFFImage function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10053", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161226 Re: CVE requests for various ImageMagick issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/12/26/9" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1410461", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1410461" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/commit/f983dcdf9c178e0cbc49608a78713c5669aa1bb5", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/commit/f983dcdf9c178e0cbc49608a78713c5669aa1bb5" - }, - { - "name" : "95179", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95179" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WriteTIFFImage function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ImageMagick/ImageMagick/commit/f983dcdf9c178e0cbc49608a78713c5669aa1bb5", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/commit/f983dcdf9c178e0cbc49608a78713c5669aa1bb5" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1410461", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1410461" + }, + { + "name": "95179", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95179" + }, + { + "name": "[oss-security] 20161226 Re: CVE requests for various ImageMagick issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/12/26/9" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10172.json b/2016/10xxx/CVE-2016-10172.json index 893253d69be..b9a780c4599 100644 --- a/2016/10xxx/CVE-2016-10172.json +++ b/2016/10xxx/CVE-2016-10172.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10172", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The read_new_config_info function in open_utils.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10172", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170128 Re: wavpack: multiple out of bounds memory reads", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/01/28/9" - }, - { - "name" : "https://sourceforge.net/p/wavpack/mailman/message/35561951/", - "refsource" : "MISC", - "url" : "https://sourceforge.net/p/wavpack/mailman/message/35561951/" - }, - { - "name" : "https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc", - "refsource" : "CONFIRM", - "url" : "https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc" - }, - { - "name" : "95883", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95883" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The read_new_config_info function in open_utils.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95883", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95883" + }, + { + "name": "https://sourceforge.net/p/wavpack/mailman/message/35561951/", + "refsource": "MISC", + "url": "https://sourceforge.net/p/wavpack/mailman/message/35561951/" + }, + { + "name": "[oss-security] 20170128 Re: wavpack: multiple out of bounds memory reads", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/01/28/9" + }, + { + "name": "https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc", + "refsource": "CONFIRM", + "url": "https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10465.json b/2016/10xxx/CVE-2016-10465.json index 1cfa3ba3d1e..be62ebb5c60 100644 --- a/2016/10xxx/CVE-2016-10465.json +++ b/2016/10xxx/CVE-2016-10465.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10465", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10465", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4061.json b/2016/4xxx/CVE-2016-4061.json index fbf05d82087..a1550a8dcbe 100644 --- a/2016/4xxx/CVE-2016-4061.json +++ b/2016/4xxx/CVE-2016-4061.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4061", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Foxit Reader and PhantomPDF before 7.3.4 on Windows allow remote attackers to cause a denial of service (application crash) via a crafted content stream." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-4061", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - }, - { - "name" : "90504", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/90504" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Foxit Reader and PhantomPDF before 7.3.4 on Windows allow remote attackers to cause a denial of service (application crash) via a crafted content stream." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "90504", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/90504" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4083.json b/2016/4xxx/CVE-2016-4083.json index 015f78d34ec..aa110bb87b8 100644 --- a/2016/4xxx/CVE-2016-4083.json +++ b/2016/4xxx/CVE-2016-4083.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4083", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 does not ensure that data is available before array allocation, which allows remote attackers to cause a denial of service (application crash) via a crafted packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-4083", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2016-27.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2016-27.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12341", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12341" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=66417b17b3570b163a16ca81f71ce5bcb10548d2", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=66417b17b3570b163a16ca81f71ce5bcb10548d2" - }, - { - "name" : "1035685", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035685" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 does not ensure that data is available before array allocation, which allows remote attackers to cause a denial of service (application crash) via a crafted packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1035685", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035685" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2016-27.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2016-27.html" + }, + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=66417b17b3570b163a16ca81f71ce5bcb10548d2", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=66417b17b3570b163a16ca81f71ce5bcb10548d2" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12341", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12341" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4271.json b/2016/4xxx/CVE-2016-4271.json index d7b86089e05..53798de43ce 100644 --- a/2016/4xxx/CVE-2016-4271.json +++ b/2016/4xxx/CVE-2016-4271.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4271", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-4277 and CVE-2016-4278, aka a \"local-with-filesystem Flash sandbox bypass\" issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-4271", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lab.truel.it/flash-sandbox-bypass/", - "refsource" : "MISC", - "url" : "http://lab.truel.it/flash-sandbox-bypass/" - }, - { - "name" : "https://blog.bjornweb.nl/2017/02/flash-bypassing-local-sandbox-data-exfiltration-credentials-leak/", - "refsource" : "MISC", - "url" : "https://blog.bjornweb.nl/2017/02/flash-bypassing-local-sandbox-data-exfiltration-credentials-leak/" - }, - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-29.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-29.html" - }, - { - "name" : "GLSA-201610-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201610-10" - }, - { - "name" : "RHSA-2016:1865", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1865.html" - }, - { - "name" : "1036791", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036791" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-4277 and CVE-2016-4278, aka a \"local-with-filesystem Flash sandbox bypass\" issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201610-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201610-10" + }, + { + "name": "http://lab.truel.it/flash-sandbox-bypass/", + "refsource": "MISC", + "url": "http://lab.truel.it/flash-sandbox-bypass/" + }, + { + "name": "https://blog.bjornweb.nl/2017/02/flash-bypassing-local-sandbox-data-exfiltration-credentials-leak/", + "refsource": "MISC", + "url": "https://blog.bjornweb.nl/2017/02/flash-bypassing-local-sandbox-data-exfiltration-credentials-leak/" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-29.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-29.html" + }, + { + "name": "RHSA-2016:1865", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1865.html" + }, + { + "name": "1036791", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036791" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4316.json b/2016/4xxx/CVE-2016-4316.json index e70d897394e..4b0db08ecb7 100644 --- a/2016/4xxx/CVE-2016-4316.json +++ b/2016/4xxx/CVE-2016-4316.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4316", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in WSO2 Carbon 4.4.5 allow remote attackers to inject arbitrary web script or HTML via the (1) setName parameter to identity-mgt/challenges-mgt.jsp; the (2) webappType or (3) httpPort parameter to webapp-list/webapp_info.jsp; the (4) dsName or (5) description parameter to ndatasource/newdatasource.jsp; the (6) phase parameter to viewflows/handlers.jsp; or the (7) url parameter to ndatasource/validateconnection-ajaxprocessor.jsp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-4316", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160813 WSO2 CARBON v4.4.5 PERSISTENT XSS COOKIE THEFT", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/539201/100/0/threaded" - }, - { - "name" : "40241", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40241/" - }, - { - "name" : "http://hyp3rlinx.altervista.org/advisories/WSO2-CARBON-v4.4.5-PERSISTENT-XSS-COOKIE-THEFT.txt", - "refsource" : "MISC", - "url" : "http://hyp3rlinx.altervista.org/advisories/WSO2-CARBON-v4.4.5-PERSISTENT-XSS-COOKIE-THEFT.txt" - }, - { - "name" : "http://packetstormsecurity.com/files/138331/WSO2-Carbon-4.4.5-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/138331/WSO2-Carbon-4.4.5-Cross-Site-Scripting.html" - }, - { - "name" : "92473", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92473" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in WSO2 Carbon 4.4.5 allow remote attackers to inject arbitrary web script or HTML via the (1) setName parameter to identity-mgt/challenges-mgt.jsp; the (2) webappType or (3) httpPort parameter to webapp-list/webapp_info.jsp; the (4) dsName or (5) description parameter to ndatasource/newdatasource.jsp; the (6) phase parameter to viewflows/handlers.jsp; or the (7) url parameter to ndatasource/validateconnection-ajaxprocessor.jsp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/138331/WSO2-Carbon-4.4.5-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/138331/WSO2-Carbon-4.4.5-Cross-Site-Scripting.html" + }, + { + "name": "92473", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92473" + }, + { + "name": "20160813 WSO2 CARBON v4.4.5 PERSISTENT XSS COOKIE THEFT", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/539201/100/0/threaded" + }, + { + "name": "40241", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40241/" + }, + { + "name": "http://hyp3rlinx.altervista.org/advisories/WSO2-CARBON-v4.4.5-PERSISTENT-XSS-COOKIE-THEFT.txt", + "refsource": "MISC", + "url": "http://hyp3rlinx.altervista.org/advisories/WSO2-CARBON-v4.4.5-PERSISTENT-XSS-COOKIE-THEFT.txt" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4706.json b/2016/4xxx/CVE-2016-4706.json index 60cd80418dc..ea87af7a5ad 100644 --- a/2016/4xxx/CVE-2016-4706.json +++ b/2016/4xxx/CVE-2016-4706.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2016-4706", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "cd9660 in Apple OS X before 10.12 allows local users to cause a denial of service via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-4706", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207170", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207170" - }, - { - "name" : "APPLE-SA-2016-09-20", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html" - }, - { - "name" : "93055", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93055" - }, - { - "name" : "1036858", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036858" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "cd9660 in Apple OS X before 10.12 allows local users to cause a denial of service via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036858", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036858" + }, + { + "name": "APPLE-SA-2016-09-20", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html" + }, + { + "name": "93055", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93055" + }, + { + "name": "https://support.apple.com/HT207170", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207170" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4957.json b/2016/4xxx/CVE-2016-4957.json index 89aea8029e2..54fcd00ed82 100644 --- a/2016/4xxx/CVE-2016-4957.json +++ b/2016/4xxx/CVE-2016-4957.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4957", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-4957", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.ntp.org/3046", - "refsource" : "CONFIRM", - "url" : "http://bugs.ntp.org/3046" - }, - { - "name" : "http://support.ntp.org/bin/view/Main/NtpBug3046", - "refsource" : "CONFIRM", - "url" : "http://support.ntp.org/bin/view/Main/NtpBug3046" - }, - { - "name" : "http://support.ntp.org/bin/view/Main/SecurityNotice", - "refsource" : "CONFIRM", - "url" : "http://support.ntp.org/bin/view/Main/SecurityNotice" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "FreeBSD-SA-16:24", - "refsource" : "FREEBSD", - "url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc" - }, - { - "name" : "GLSA-201607-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201607-15" - }, - { - "name" : "SUSE-SU-2016:1563", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html" - }, - { - "name" : "SUSE-SU-2016:1584", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html" - }, - { - "name" : "SUSE-SU-2016:1602", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html" - }, - { - "name" : "openSUSE-SU-2016:1583", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html" - }, - { - "name" : "openSUSE-SU-2016:1636", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html" - }, - { - "name" : "VU#321640", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/321640" - }, - { - "name" : "1036037", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036037" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2016:1602", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html" + }, + { + "name": "openSUSE-SU-2016:1583", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html" + }, + { + "name": "FreeBSD-SA-16:24", + "refsource": "FREEBSD", + "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc" + }, + { + "name": "http://bugs.ntp.org/3046", + "refsource": "CONFIRM", + "url": "http://bugs.ntp.org/3046" + }, + { + "name": "1036037", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036037" + }, + { + "name": "SUSE-SU-2016:1584", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "VU#321640", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/321640" + }, + { + "name": "http://support.ntp.org/bin/view/Main/SecurityNotice", + "refsource": "CONFIRM", + "url": "http://support.ntp.org/bin/view/Main/SecurityNotice" + }, + { + "name": "openSUSE-SU-2016:1636", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html" + }, + { + "name": "http://support.ntp.org/bin/view/Main/NtpBug3046", + "refsource": "CONFIRM", + "url": "http://support.ntp.org/bin/view/Main/NtpBug3046" + }, + { + "name": "SUSE-SU-2016:1563", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html" + }, + { + "name": "GLSA-201607-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201607-15" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8863.json b/2016/8xxx/CVE-2016-8863.json index d5379dd2226..53ddc5fb352 100644 --- a/2016/8xxx/CVE-2016-8863.json +++ b/2016/8xxx/CVE-2016-8863.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8863", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the create_url_list function in gena/gena_device.c in Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a valid URI followed by an invalid one in the CALLBACK header of an SUBSCRIBE request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8863", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.tenable.com/security/research/tra-2017-10", - "refsource" : "MISC", - "url" : "https://www.tenable.com/security/research/tra-2017-10" - }, - { - "name" : "https://sourceforge.net/p/pupnp/bugs/133/", - "refsource" : "CONFIRM", - "url" : "https://sourceforge.net/p/pupnp/bugs/133/" - }, - { - "name" : "https://sourceforge.net/p/pupnp/code/ci/master/tree/ChangeLog", - "refsource" : "CONFIRM", - "url" : "https://sourceforge.net/p/pupnp/code/ci/master/tree/ChangeLog" - }, - { - "name" : "DSA-3736", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2016/dsa-3736" - }, - { - "name" : "GLSA-201701-52", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-52" - }, - { - "name" : "92849", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92849" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the create_url_list function in gena/gena_device.c in Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a valid URI followed by an invalid one in the CALLBACK header of an SUBSCRIBE request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceforge.net/p/pupnp/bugs/133/", + "refsource": "CONFIRM", + "url": "https://sourceforge.net/p/pupnp/bugs/133/" + }, + { + "name": "https://sourceforge.net/p/pupnp/code/ci/master/tree/ChangeLog", + "refsource": "CONFIRM", + "url": "https://sourceforge.net/p/pupnp/code/ci/master/tree/ChangeLog" + }, + { + "name": "GLSA-201701-52", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-52" + }, + { + "name": "DSA-3736", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2016/dsa-3736" + }, + { + "name": "https://www.tenable.com/security/research/tra-2017-10", + "refsource": "MISC", + "url": "https://www.tenable.com/security/research/tra-2017-10" + }, + { + "name": "92849", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92849" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9144.json b/2016/9xxx/CVE-2016-9144.json index 715e9c421e9..d2da71d9eb2 100644 --- a/2016/9xxx/CVE-2016-9144.json +++ b/2016/9xxx/CVE-2016-9144.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9144", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-9144", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9161.json b/2016/9xxx/CVE-2016-9161.json index 6bcfd446f32..a42e85d29f4 100644 --- a/2016/9xxx/CVE-2016-9161.json +++ b/2016/9xxx/CVE-2016-9161.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9161", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-9161", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9178.json b/2016/9xxx/CVE-2016-9178.json index 73a9c6f5acf..6a02a74037b 100644 --- a/2016/9xxx/CVE-2016-9178.json +++ b/2016/9xxx/CVE-2016-9178.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9178", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel before 4.7.5 does not initialize a certain integer variable, which allows local users to obtain sensitive information from kernel stack memory by triggering failure of a get_user_ex call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9178", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161104 Re: kernel: fix minor infoleak in get_user_ex()", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/11/04/4" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1c109fabbd51863475cd12ac206bdd249aee35af", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1c109fabbd51863475cd12ac206bdd249aee35af" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.5", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.5" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1391908", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1391908" - }, - { - "name" : "https://github.com/torvalds/linux/commit/1c109fabbd51863475cd12ac206bdd249aee35af", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/1c109fabbd51863475cd12ac206bdd249aee35af" - }, - { - "name" : "94144", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94144" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel before 4.7.5 does not initialize a certain integer variable, which allows local users to obtain sensitive information from kernel stack memory by triggering failure of a get_user_ex call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/torvalds/linux/commit/1c109fabbd51863475cd12ac206bdd249aee35af", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/1c109fabbd51863475cd12ac206bdd249aee35af" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1c109fabbd51863475cd12ac206bdd249aee35af", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1c109fabbd51863475cd12ac206bdd249aee35af" + }, + { + "name": "[oss-security] 20161104 Re: kernel: fix minor infoleak in get_user_ex()", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/11/04/4" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1391908", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1391908" + }, + { + "name": "94144", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94144" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.5", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.5" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9785.json b/2016/9xxx/CVE-2016-9785.json index e027cd98900..9d2c8e75f8d 100644 --- a/2016/9xxx/CVE-2016-9785.json +++ b/2016/9xxx/CVE-2016-9785.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9785", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-9785", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2134.json b/2019/2xxx/CVE-2019-2134.json index da5df422c06..4fd6b834f9a 100644 --- a/2019/2xxx/CVE-2019-2134.json +++ b/2019/2xxx/CVE-2019-2134.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2134", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2134", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2404.json b/2019/2xxx/CVE-2019-2404.json index 0ce2b30fff4..44ce2bc7bd5 100644 --- a/2019/2xxx/CVE-2019-2404.json +++ b/2019/2xxx/CVE-2019-2404.json @@ -1,76 +1,76 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2019-2404", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PeopleSoft Enterprise PT PeopleTools", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.55" - }, - { - "version_affected" : "=", - "version_value" : "8.56" - }, - { - "version_affected" : "=", - "version_value" : "8.57" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2019-2404", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise PT PeopleTools", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.55" + }, + { + "version_affected": "=", + "version_value": "8.56" + }, + { + "version_affected": "=", + "version_value": "8.57" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "106592", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106592" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + }, + { + "name": "106592", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106592" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2714.json b/2019/2xxx/CVE-2019-2714.json index 15fb81d9c71..8a86ba4712b 100644 --- a/2019/2xxx/CVE-2019-2714.json +++ b/2019/2xxx/CVE-2019-2714.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2714", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2714", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3270.json b/2019/3xxx/CVE-2019-3270.json index 75342f1e535..33aa3a68ca9 100644 --- a/2019/3xxx/CVE-2019-3270.json +++ b/2019/3xxx/CVE-2019-3270.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3270", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3270", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3419.json b/2019/3xxx/CVE-2019-3419.json index ae4bf887370..3d56ada3a30 100644 --- a/2019/3xxx/CVE-2019-3419.json +++ b/2019/3xxx/CVE-2019-3419.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3419", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3419", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3686.json b/2019/3xxx/CVE-2019-3686.json index 5a8f7cb19be..3d5c6c14550 100644 --- a/2019/3xxx/CVE-2019-3686.json +++ b/2019/3xxx/CVE-2019-3686.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3686", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3686", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3846.json b/2019/3xxx/CVE-2019-3846.json index 42a3c1c0ec6..5faefcbfd1d 100644 --- a/2019/3xxx/CVE-2019-3846.json +++ b/2019/3xxx/CVE-2019-3846.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3846", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3846", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6662.json b/2019/6xxx/CVE-2019-6662.json index 615e45da27a..dfaf599bc0b 100644 --- a/2019/6xxx/CVE-2019-6662.json +++ b/2019/6xxx/CVE-2019-6662.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6662", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6662", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6817.json b/2019/6xxx/CVE-2019-6817.json index 7bb745a6260..02567e24da9 100644 --- a/2019/6xxx/CVE-2019-6817.json +++ b/2019/6xxx/CVE-2019-6817.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6817", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6817", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6922.json b/2019/6xxx/CVE-2019-6922.json index 62014126567..4833178bc64 100644 --- a/2019/6xxx/CVE-2019-6922.json +++ b/2019/6xxx/CVE-2019-6922.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6922", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6922", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7013.json b/2019/7xxx/CVE-2019-7013.json index efdd9373b26..dd24e87dbb4 100644 --- a/2019/7xxx/CVE-2019-7013.json +++ b/2019/7xxx/CVE-2019-7013.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7013", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7013", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7030.json b/2019/7xxx/CVE-2019-7030.json index feeb0742dce..f20bf1258b2 100644 --- a/2019/7xxx/CVE-2019-7030.json +++ b/2019/7xxx/CVE-2019-7030.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7030", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7030", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7168.json b/2019/7xxx/CVE-2019-7168.json index 68246e5f458..e0fbaf22d95 100644 --- a/2019/7xxx/CVE-2019-7168.json +++ b/2019/7xxx/CVE-2019-7168.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7168", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Blog field to /admin/nodes/nodes/add/blog." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7168", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/croogo/croogo/issues/886", - "refsource" : "MISC", - "url" : "https://github.com/croogo/croogo/issues/886" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Blog field to /admin/nodes/nodes/add/blog." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/croogo/croogo/issues/886", + "refsource": "MISC", + "url": "https://github.com/croogo/croogo/issues/886" + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7490.json b/2019/7xxx/CVE-2019-7490.json index cc6fd102891..5d2afb81086 100644 --- a/2019/7xxx/CVE-2019-7490.json +++ b/2019/7xxx/CVE-2019-7490.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7490", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7490", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8106.json b/2019/8xxx/CVE-2019-8106.json index 0432c514782..5d18dd342ab 100644 --- a/2019/8xxx/CVE-2019-8106.json +++ b/2019/8xxx/CVE-2019-8106.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8106", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8106", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8161.json b/2019/8xxx/CVE-2019-8161.json index db4612dc5ab..fcf4d4f7e98 100644 --- a/2019/8xxx/CVE-2019-8161.json +++ b/2019/8xxx/CVE-2019-8161.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8161", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8161", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8677.json b/2019/8xxx/CVE-2019-8677.json index 34bf28b164f..bb98c2896c3 100644 --- a/2019/8xxx/CVE-2019-8677.json +++ b/2019/8xxx/CVE-2019-8677.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8677", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8677", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file