diff --git a/1999/1xxx/CVE-1999-1364.json b/1999/1xxx/CVE-1999-1364.json index e06227e7460..0045621f620 100644 --- a/1999/1xxx/CVE-1999-1364.json +++ b/1999/1xxx/CVE-1999-1364.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1364", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Windows NT 4.0 allows local users to cause a denial of service (crash) via an illegal kernel mode address to the functions (1) GetThreadContext or (2) SetThreadContext." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1364", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "Q142653", - "refsource" : "MSKB", - "url" : "http://support.microsoft.com/support/kb/articles/q142/6/53.asp" - }, - { - "name" : "nt-threadcontext-dos(7421)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7421.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Windows NT 4.0 allows local users to cause a denial of service (crash) via an illegal kernel mode address to the functions (1) GetThreadContext or (2) SetThreadContext." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "nt-threadcontext-dos(7421)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7421.php" + }, + { + "name": "Q142653", + "refsource": "MSKB", + "url": "http://support.microsoft.com/support/kb/articles/q142/6/53.asp" + } + ] + } +} \ No newline at end of file diff --git a/2000/1xxx/CVE-2000-1033.json b/2000/1xxx/CVE-2000-1033.json index 43db1940014..321ed8269ca 100644 --- a/2000/1xxx/CVE-2000-1033.json +++ b/2000/1xxx/CVE-2000-1033.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-1033", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Serv-U FTP Server allows remote attackers to bypass its anti-hammering feature by first logging on as a valid user (possibly anonymous) and then attempting to guess the passwords of other users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-1033", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001029 Brute Forcing FTP Servers with enabled anti-hammering (anti brute-force) modus", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/141905" - }, - { - "name" : "1860", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1860" - }, - { - "name" : "ftp-servu-brute-force(5436)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5436" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Serv-U FTP Server allows remote attackers to bypass its anti-hammering feature by first logging on as a valid user (possibly anonymous) and then attempting to guess the passwords of other users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ftp-servu-brute-force(5436)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5436" + }, + { + "name": "20001029 Brute Forcing FTP Servers with enabled anti-hammering (anti brute-force) modus", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/141905" + }, + { + "name": "1860", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1860" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2494.json b/2005/2xxx/CVE-2005-2494.json index 772482d1f56..b6f1efda93e 100644 --- a/2005/2xxx/CVE-2005-2494.json +++ b/2005/2xxx/CVE-2005-2494.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2494", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "kcheckpass in KDE 3.2.0 up to 3.4.2 allows local users to gain root access via a symlink attack on lock files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-2494", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050907 [ Suresec Advisories ] - Kcheckpass file creation vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112611555928169&w=2" - }, - { - "name" : "http://www.suresec.org/advisories/adv6.pdf", - "refsource" : "MISC", - "url" : "http://www.suresec.org/advisories/adv6.pdf" - }, - { - "name" : "20050905 [KDE Security Advisory] kcheckpass local root vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112603999215453&w=2" - }, - { - "name" : "http://www.kde.org/info/security/advisory-20050905-1.txt", - "refsource" : "CONFIRM", - "url" : "http://www.kde.org/info/security/advisory-20050905-1.txt" - }, - { - "name" : "ftp://ftp.kde.org/pub/kde/security_patches/post-3.4.2-kdebase-kcheckpass.diff", - "refsource" : "MISC", - "url" : "ftp://ftp.kde.org/pub/kde/security_patches/post-3.4.2-kdebase-kcheckpass.diff" - }, - { - "name" : "DSA-815", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-815" - }, - { - "name" : "MDKSA-2005:160", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:160" - }, - { - "name" : "RHSA-2006:0582", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0582.html" - }, - { - "name" : "USN-176-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-176-1" - }, - { - "name" : "14736", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14736" - }, - { - "name" : "oval:org.mitre.oval:def:9388", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9388" - }, - { - "name" : "16692", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16692" - }, - { - "name" : "18139", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18139" - }, - { - "name" : "21481", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21481" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "kcheckpass in KDE 3.2.0 up to 3.4.2 allows local users to gain root access via a symlink attack on lock files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDKSA-2005:160", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:160" + }, + { + "name": "20050905 [KDE Security Advisory] kcheckpass local root vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112603999215453&w=2" + }, + { + "name": "16692", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16692" + }, + { + "name": "oval:org.mitre.oval:def:9388", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9388" + }, + { + "name": "USN-176-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-176-1" + }, + { + "name": "18139", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18139" + }, + { + "name": "21481", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21481" + }, + { + "name": "DSA-815", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-815" + }, + { + "name": "http://www.kde.org/info/security/advisory-20050905-1.txt", + "refsource": "CONFIRM", + "url": "http://www.kde.org/info/security/advisory-20050905-1.txt" + }, + { + "name": "RHSA-2006:0582", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0582.html" + }, + { + "name": "20050907 [ Suresec Advisories ] - Kcheckpass file creation vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112611555928169&w=2" + }, + { + "name": "http://www.suresec.org/advisories/adv6.pdf", + "refsource": "MISC", + "url": "http://www.suresec.org/advisories/adv6.pdf" + }, + { + "name": "ftp://ftp.kde.org/pub/kde/security_patches/post-3.4.2-kdebase-kcheckpass.diff", + "refsource": "MISC", + "url": "ftp://ftp.kde.org/pub/kde/security_patches/post-3.4.2-kdebase-kcheckpass.diff" + }, + { + "name": "14736", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14736" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2773.json b/2005/2xxx/CVE-2005-2773.json index 88c35edd5ea..16d72c76588 100644 --- a/2005/2xxx/CVE-2005-2773.json +++ b/2005/2xxx/CVE-2005-2773.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2773", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes.ovpl, (2) cdpView.ovpl, (3) freeIPaddrs.ovpl, and (4) ecscmg.ovpl." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2773", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050825 Portcullis Security Advisory 05-014 HP Openview Remote Command", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112499121725662&w=2" - }, - { - "name" : "HPSBMA01224", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/advisories/9150" - }, - { - "name" : "SSRT051023", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/advisories/9150" - }, - { - "name" : "14662", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14662" - }, - { - "name" : "16555", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16555/" - }, - { - "name" : "hp-openview-node-manager-command-execution(21999)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21999" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes.ovpl, (2) cdpView.ovpl, (3) freeIPaddrs.ovpl, and (4) ecscmg.ovpl." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050825 Portcullis Security Advisory 05-014 HP Openview Remote Command", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112499121725662&w=2" + }, + { + "name": "hp-openview-node-manager-command-execution(21999)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21999" + }, + { + "name": "HPSBMA01224", + "refsource": "HP", + "url": "http://www.securityfocus.com/advisories/9150" + }, + { + "name": "14662", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14662" + }, + { + "name": "16555", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16555/" + }, + { + "name": "SSRT051023", + "refsource": "HP", + "url": "http://www.securityfocus.com/advisories/9150" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1200.json b/2007/1xxx/CVE-2007-1200.json index 4ef658b6432..8be7db69969 100644 --- a/2007/1xxx/CVE-2007-1200.json +++ b/2007/1xxx/CVE-2007-1200.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1200", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1200", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1278.json b/2007/1xxx/CVE-2007-1278.json index abb2018e8a8..e37a407f2be 100644 --- a/2007/1xxx/CVE-2007-1278.json +++ b/2007/1xxx/CVE-2007-1278.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1278", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1278", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb07-07.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb07-07.html" - }, - { - "name" : "22958", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22958" - }, - { - "name" : "ADV-2007-0932", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0932" - }, - { - "name" : "34039", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34039" - }, - { - "name" : "1017752", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1017752" - }, - { - "name" : "24488", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24488" - }, - { - "name" : "coldfusion-jrun-iisconnector-dos(32994)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32994" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1017752", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1017752" + }, + { + "name": "34039", + "refsource": "OSVDB", + "url": "http://osvdb.org/34039" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb07-07.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb07-07.html" + }, + { + "name": "24488", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24488" + }, + { + "name": "ADV-2007-0932", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0932" + }, + { + "name": "coldfusion-jrun-iisconnector-dos(32994)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32994" + }, + { + "name": "22958", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22958" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1379.json b/2007/1xxx/CVE-2007-1379.json index ba08e1bc9a4..014de3e96c1 100644 --- a/2007/1xxx/CVE-2007-1379.json +++ b/2007/1xxx/CVE-2007-1379.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1379", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ovrimos_close function in the Ovrimos extension for PHP before 4.4.5 can trigger efree of an arbitrary address, which might allow context-dependent attackers to execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1379", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.php-security.org/MOPB/MOPB-13-2007.html", - "refsource" : "MISC", - "url" : "http://www.php-security.org/MOPB/MOPB-13-2007.html" - }, - { - "name" : "22833", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22833" - }, - { - "name" : "34691", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/34691" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ovrimos_close function in the Ovrimos extension for PHP before 4.4.5 can trigger efree of an arbitrary address, which might allow context-dependent attackers to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.php-security.org/MOPB/MOPB-13-2007.html", + "refsource": "MISC", + "url": "http://www.php-security.org/MOPB/MOPB-13-2007.html" + }, + { + "name": "22833", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22833" + }, + { + "name": "34691", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/34691" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5273.json b/2007/5xxx/CVE-2007-5273.json index 3cb4a0db84b..d2aef0f12bf 100644 --- a/2007/5xxx/CVE-2007-5273.json +++ b/2007/5xxx/CVE-2007-5273.json @@ -1,247 +1,247 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5273", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet's socket operations rely on DNS resolution on the local machine, a different issue than CVE-2007-5274. NOTE: this is similar to CVE-2007-5232." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5273", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071029 FLEA-2007-0061-1 sun-jre sun-jdk", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/482926/100/0/threaded" - }, - { - "name" : "20070709 Anti-DNS Pinning and Java Applets", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2007/Jul/0159.html" - }, - { - "name" : "http://crypto.stanford.edu/dns/dns-rebinding.pdf", - "refsource" : "MISC", - "url" : "http://crypto.stanford.edu/dns/dns-rebinding.pdf" - }, - { - "name" : "http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html" - }, - { - "name" : "BEA08-198.00", - "refsource" : "BEA", - "url" : "http://dev2dev.bea.com/pub/advisory/272" - }, - { - "name" : "GLSA-200804-20", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml" - }, - { - "name" : "GLSA-200804-28", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200804-28.xml" - }, - { - "name" : "GLSA-200806-11", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml" - }, - { - "name" : "HPSBUX02284", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533" - }, - { - "name" : "SSRT071483", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533" - }, - { - "name" : "RHSA-2007:0963", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0963.html" - }, - { - "name" : "RHSA-2007:1041", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-1041.html" - }, - { - "name" : "RHSA-2008:0132", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0132.html" - }, - { - "name" : "RHSA-2008:0156", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0156.html" - }, - { - "name" : "RHSA-2008:0100", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0100.html" - }, - { - "name" : "103078", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103078-1" - }, - { - "name" : "200041", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200041-1" - }, - { - "name" : "SUSE-SA:2007:055", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_55_java.html" - }, - { - "name" : "SUSE-SA:2008:025", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html" - }, - { - "name" : "25918", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25918" - }, - { - "name" : "oval:org.mitre.oval:def:10340", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10340" - }, - { - "name" : "ADV-2007-3895", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3895" - }, - { - "name" : "ADV-2008-0609", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0609" - }, - { - "name" : "45527", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/45527" - }, - { - "name" : "1018771", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1018771" - }, - { - "name" : "27206", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27206" - }, - { - "name" : "27261", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27261" - }, - { - "name" : "27716", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27716" - }, - { - "name" : "27693", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27693" - }, - { - "name" : "27804", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27804" - }, - { - "name" : "28777", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28777" - }, - { - "name" : "28880", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28880" - }, - { - "name" : "29042", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29042" - }, - { - "name" : "29214", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29214" - }, - { - "name" : "29340", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29340" - }, - { - "name" : "29858", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29858" - }, - { - "name" : "29897", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29897" - }, - { - "name" : "30780", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30780" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet's socket operations rely on DNS resolution on the local machine, a different issue than CVE-2007-5274. NOTE: this is similar to CVE-2007-5232." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2008:0132", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0132.html" + }, + { + "name": "RHSA-2007:1041", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-1041.html" + }, + { + "name": "ADV-2007-3895", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3895" + }, + { + "name": "29042", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29042" + }, + { + "name": "http://crypto.stanford.edu/dns/dns-rebinding.pdf", + "refsource": "MISC", + "url": "http://crypto.stanford.edu/dns/dns-rebinding.pdf" + }, + { + "name": "27693", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27693" + }, + { + "name": "http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html", + "refsource": "CONFIRM", + "url": "http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html" + }, + { + "name": "1018771", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1018771" + }, + { + "name": "SUSE-SA:2007:055", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_55_java.html" + }, + { + "name": "20070709 Anti-DNS Pinning and Java Applets", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2007/Jul/0159.html" + }, + { + "name": "29897", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29897" + }, + { + "name": "27206", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27206" + }, + { + "name": "27804", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27804" + }, + { + "name": "GLSA-200804-28", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml" + }, + { + "name": "HPSBUX02284", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533" + }, + { + "name": "29858", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29858" + }, + { + "name": "45527", + "refsource": "OSVDB", + "url": "http://osvdb.org/45527" + }, + { + "name": "RHSA-2007:0963", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0963.html" + }, + { + "name": "25918", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25918" + }, + { + "name": "RHSA-2008:0100", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0100.html" + }, + { + "name": "ADV-2008-0609", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0609" + }, + { + "name": "200041", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200041-1" + }, + { + "name": "SUSE-SA:2008:025", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html" + }, + { + "name": "27261", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27261" + }, + { + "name": "103078", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103078-1" + }, + { + "name": "SSRT071483", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533" + }, + { + "name": "20071029 FLEA-2007-0061-1 sun-jre sun-jdk", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/482926/100/0/threaded" + }, + { + "name": "28777", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28777" + }, + { + "name": "RHSA-2008:0156", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0156.html" + }, + { + "name": "BEA08-198.00", + "refsource": "BEA", + "url": "http://dev2dev.bea.com/pub/advisory/272" + }, + { + "name": "30780", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30780" + }, + { + "name": "28880", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28880" + }, + { + "name": "27716", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27716" + }, + { + "name": "29214", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29214" + }, + { + "name": "29340", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29340" + }, + { + "name": "oval:org.mitre.oval:def:10340", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10340" + }, + { + "name": "GLSA-200804-20", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml" + }, + { + "name": "GLSA-200806-11", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5292.json b/2007/5xxx/CVE-2007-5292.json index 40506b9cc13..a3144a9437d 100644 --- a/2007/5xxx/CVE-2007-5292.json +++ b/2007/5xxx/CVE-2007-5292.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5292", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in photos.cfm in Directory Image Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the backwardDirectory parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5292", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels-team.blogspot.com/2007/10/directory-image-gallery-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels-team.blogspot.com/2007/10/directory-image-gallery-xss-vuln.html" - }, - { - "name" : "ADV-2007-3425", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3425" - }, - { - "name" : "38629", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38629" - }, - { - "name" : "directoryimage-photos-xss(36986)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36986" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in photos.cfm in Directory Image Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the backwardDirectory parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38629", + "refsource": "OSVDB", + "url": "http://osvdb.org/38629" + }, + { + "name": "directoryimage-photos-xss(36986)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36986" + }, + { + "name": "http://pridels-team.blogspot.com/2007/10/directory-image-gallery-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels-team.blogspot.com/2007/10/directory-image-gallery-xss-vuln.html" + }, + { + "name": "ADV-2007-3425", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3425" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5518.json b/2007/5xxx/CVE-2007-5518.json index 0def5358cf9..9ecac976026 100644 --- a/2007/5xxx/CVE-2007-5518.json +++ b/2007/5xxx/CVE-2007-5518.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5518", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle HTTP Server component in Oracle Application Server 10.1.3.2 has unknown impact and remote attack vectors, aka AS03." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5518", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=119332677525918&w=2" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=119332677525918&w=2" - }, - { - "name" : "TA07-290A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-290A.html" - }, - { - "name" : "ADV-2007-3524", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3524" - }, - { - "name" : "ADV-2007-3626", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3626" - }, - { - "name" : "1018823", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018823" - }, - { - "name" : "27251", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27251" - }, - { - "name" : "27409", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27409" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle HTTP Server component in Oracle Application Server 10.1.3.2 has unknown impact and remote attack vectors, aka AS03." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html" + }, + { + "name": "ADV-2007-3524", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3524" + }, + { + "name": "ADV-2007-3626", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3626" + }, + { + "name": "TA07-290A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-290A.html" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=119332677525918&w=2" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=119332677525918&w=2" + }, + { + "name": "1018823", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018823" + }, + { + "name": "27409", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27409" + }, + { + "name": "27251", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27251" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3869.json b/2015/3xxx/CVE-2015-3869.json index cec1146146b..4dea5fa506b 100644 --- a/2015/3xxx/CVE-2015-3869.json +++ b/2015/3xxx/CVE-2015-3869.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3869", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23036083." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2015-3869", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[android-security-updates] 20151005 Nexus Security Bulletin (October 2015)", - "refsource" : "MLIST", - "url" : "https://groups.google.com/forum/message/raw?msg=android-security-updates/_Rm-lKnS2M8/dGTcilt0CAAJ" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23036083." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[android-security-updates] 20151005 Nexus Security Bulletin (October 2015)", + "refsource": "MLIST", + "url": "https://groups.google.com/forum/message/raw?msg=android-security-updates/_Rm-lKnS2M8/dGTcilt0CAAJ" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4313.json b/2015/4xxx/CVE-2015-4313.json index 7b65c0d59ba..23cd9747b8d 100644 --- a/2015/4xxx/CVE-2015-4313.json +++ b/2015/4xxx/CVE-2015-4313.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4313", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4313", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4350.json b/2015/4xxx/CVE-2015-4350.json index d7fff271f9f..eb92554a5dd 100644 --- a/2015/4xxx/CVE-2015-4350.json +++ b/2015/4xxx/CVE-2015-4350.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4350", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the Spider Catalog module for Drupal allow remote attackers to hijack the authentication of administrators for requests that delete (1) products, (2) ratings, or (3) categories via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4350", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/04/25/6" - }, - { - "name" : "https://www.drupal.org/node/2437977", - "refsource" : "MISC", - "url" : "https://www.drupal.org/node/2437977" - }, - { - "name" : "72798", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72798" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Spider Catalog module for Drupal allow remote attackers to hijack the authentication of administrators for requests that delete (1) products, (2) ratings, or (3) categories via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "72798", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72798" + }, + { + "name": "[oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/04/25/6" + }, + { + "name": "https://www.drupal.org/node/2437977", + "refsource": "MISC", + "url": "https://www.drupal.org/node/2437977" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4774.json b/2015/4xxx/CVE-2015-4774.json index a122c1d0b7b..cbd91f87da2 100644 --- a/2015/4xxx/CVE-2015-4774.json +++ b/2015/4xxx/CVE-2015-4774.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4774", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Data Store component in Oracle Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35 allows local users to affect integrity and availability via unknown vectors, a different vulnerability than CVE-2015-4779 and CVE-2015-4788." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-4774", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Data Store component in Oracle Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35 allows local users to affect integrity and availability via unknown vectors, a different vulnerability than CVE-2015-4779 and CVE-2015-4788." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7100.json b/2015/7xxx/CVE-2015-7100.json index 9c37b965354..d888d0f8e22 100644 --- a/2015/7xxx/CVE-2015-7100.json +++ b/2015/7xxx/CVE-2015-7100.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7100", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-7100", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT205635", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205635" - }, - { - "name" : "https://support.apple.com/HT205639", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205639" - }, - { - "name" : "https://support.apple.com/HT205640", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205640" - }, - { - "name" : "https://support.apple.com/kb/HT205636", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT205636" - }, - { - "name" : "APPLE-SA-2015-12-08-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html" - }, - { - "name" : "APPLE-SA-2015-12-08-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html" - }, - { - "name" : "APPLE-SA-2015-12-08-5", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Dec/msg00003.html" - }, - { - "name" : "openSUSE-SU-2016:0761", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html" - }, - { - "name" : "78726", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/78726" - }, - { - "name" : "1034341", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034341" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT205635", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205635" + }, + { + "name": "https://support.apple.com/kb/HT205636", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT205636" + }, + { + "name": "openSUSE-SU-2016:0761", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html" + }, + { + "name": "APPLE-SA-2015-12-08-5", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00003.html" + }, + { + "name": "APPLE-SA-2015-12-08-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html" + }, + { + "name": "https://support.apple.com/HT205639", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205639" + }, + { + "name": "https://support.apple.com/HT205640", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205640" + }, + { + "name": "1034341", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034341" + }, + { + "name": "APPLE-SA-2015-12-08-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html" + }, + { + "name": "78726", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/78726" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7560.json b/2015/7xxx/CVE-2015-7560.json index 8e6e93c62e1..6fe23d6ae4f 100644 --- a/2015/7xxx/CVE-2015-7560.json +++ b/2015/7xxx/CVE-2015-7560.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7560", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-7560", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.samba.org/show_bug.cgi?id=11648", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.samba.org/show_bug.cgi?id=11648" - }, - { - "name" : "https://www.samba.org/samba/security/CVE-2015-7560.html", - "refsource" : "CONFIRM", - "url" : "https://www.samba.org/samba/security/CVE-2015-7560.html" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05121842", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05121842" - }, - { - "name" : "DSA-3514", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3514" - }, - { - "name" : "FEDORA-2016-4b55f00d00", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180000.html" - }, - { - "name" : "FEDORA-2016-ed1587f6ba", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178730.html" - }, - { - "name" : "FEDORA-2016-cad77a4576", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178764.html" - }, - { - "name" : "SUSE-SU-2016:0905", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00092.html" - }, - { - "name" : "openSUSE-SU-2016:1064", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html" - }, - { - "name" : "openSUSE-SU-2016:1106", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html" - }, - { - "name" : "openSUSE-SU-2016:1107", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html" - }, - { - "name" : "openSUSE-SU-2016:0813", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00063.html" - }, - { - "name" : "SUSE-SU-2016:0814", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00064.html" - }, - { - "name" : "SUSE-SU-2016:0816", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00065.html" - }, - { - "name" : "SUSE-SU-2016:0837", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00081.html" - }, - { - "name" : "openSUSE-SU-2016:0877", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00090.html" - }, - { - "name" : "USN-2922-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2922-1" - }, - { - "name" : "84267", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/84267" - }, - { - "name" : "1035220", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035220" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "84267", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/84267" + }, + { + "name": "openSUSE-SU-2016:1064", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html" + }, + { + "name": "SUSE-SU-2016:0837", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00081.html" + }, + { + "name": "openSUSE-SU-2016:0813", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00063.html" + }, + { + "name": "openSUSE-SU-2016:0877", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00090.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05121842", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05121842" + }, + { + "name": "1035220", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035220" + }, + { + "name": "FEDORA-2016-cad77a4576", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178764.html" + }, + { + "name": "SUSE-SU-2016:0814", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00064.html" + }, + { + "name": "https://www.samba.org/samba/security/CVE-2015-7560.html", + "refsource": "CONFIRM", + "url": "https://www.samba.org/samba/security/CVE-2015-7560.html" + }, + { + "name": "https://bugzilla.samba.org/show_bug.cgi?id=11648", + "refsource": "CONFIRM", + "url": "https://bugzilla.samba.org/show_bug.cgi?id=11648" + }, + { + "name": "openSUSE-SU-2016:1106", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html" + }, + { + "name": "FEDORA-2016-4b55f00d00", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180000.html" + }, + { + "name": "FEDORA-2016-ed1587f6ba", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178730.html" + }, + { + "name": "openSUSE-SU-2016:1107", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html" + }, + { + "name": "SUSE-SU-2016:0905", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00092.html" + }, + { + "name": "SUSE-SU-2016:0816", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00065.html" + }, + { + "name": "USN-2922-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2922-1" + }, + { + "name": "DSA-3514", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3514" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8119.json b/2015/8xxx/CVE-2015-8119.json index bfc339dbbe7..f29b9be2ad0 100644 --- a/2015/8xxx/CVE-2015-8119.json +++ b/2015/8xxx/CVE-2015-8119.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8119", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-8119", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8155.json b/2015/8xxx/CVE-2015-8155.json index eaf1470c013..5b65f8d9b60 100644 --- a/2015/8xxx/CVE-2015-8155.json +++ b/2015/8xxx/CVE-2015-8155.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8155", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-8155", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8241.json b/2015/8xxx/CVE-2015-8241.json index 205289d3d08..d081801b992 100644 --- a/2015/8xxx/CVE-2015-8241.json +++ b/2015/8xxx/CVE-2015-8241.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8241", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8241", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20151118 Buffer overflow in libxml2", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/11/17/5" - }, - { - "name" : "[oss-security] 20151118 Re: Buffer overflow in libxml2", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/11/18/23" - }, - { - "name" : "https://bugzilla.gnome.org/show_bug.cgi?id=756263", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.gnome.org/show_bug.cgi?id=756263" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1281936", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1281936" - }, - { - "name" : "https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe", - "refsource" : "CONFIRM", - "url" : "https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" - }, - { - "name" : "DSA-3430", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3430" - }, - { - "name" : "HPSBGN03537", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=145382616617563&w=2" - }, - { - "name" : "RHSA-2015:2549", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-2549.html" - }, - { - "name" : "RHSA-2015:2550", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-2550.html" - }, - { - "name" : "RHSA-2016:1089", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1089.html" - }, - { - "name" : "openSUSE-SU-2015:2372", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html" - }, - { - "name" : "openSUSE-SU-2016:0106", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html" - }, - { - "name" : "USN-2834-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2834-1" - }, - { - "name" : "77621", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/77621" - }, - { - "name" : "1034243", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034243" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2015:2550", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html" + }, + { + "name": "openSUSE-SU-2016:0106", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html" + }, + { + "name": "[oss-security] 20151118 Buffer overflow in libxml2", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/11/17/5" + }, + { + "name": "DSA-3430", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3430" + }, + { + "name": "RHSA-2016:1089", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" + }, + { + "name": "77621", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/77621" + }, + { + "name": "USN-2834-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2834-1" + }, + { + "name": "[oss-security] 20151118 Re: Buffer overflow in libxml2", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/11/18/23" + }, + { + "name": "https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe", + "refsource": "CONFIRM", + "url": "https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe" + }, + { + "name": "1034243", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034243" + }, + { + "name": "RHSA-2015:2549", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html" + }, + { + "name": "HPSBGN03537", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=145382616617563&w=2" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" + }, + { + "name": "openSUSE-SU-2015:2372", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html" + }, + { + "name": "https://bugzilla.gnome.org/show_bug.cgi?id=756263", + "refsource": "CONFIRM", + "url": "https://bugzilla.gnome.org/show_bug.cgi?id=756263" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1281936", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281936" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8449.json b/2015/8xxx/CVE-2015-8449.json index 5253003d070..013b6031d47 100644 --- a/2015/8xxx/CVE-2015-8449.json +++ b/2015/8xxx/CVE-2015-8449.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8449", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the MovieClip object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via a crafted lineTo method call, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-8449", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-15-612", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-15-612" - }, - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" - }, - { - "name" : "GLSA-201601-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201601-03" - }, - { - "name" : "SUSE-SU-2015:2236", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00007.html" - }, - { - "name" : "SUSE-SU-2015:2247", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00012.html" - }, - { - "name" : "openSUSE-SU-2015:2239", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00008.html" - }, - { - "name" : "78715", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/78715" - }, - { - "name" : "1034318", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034318" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the MovieClip object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via a crafted lineTo method call, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2015:2239", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00008.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html" + }, + { + "name": "78715", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/78715" + }, + { + "name": "SUSE-SU-2015:2236", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00007.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" + }, + { + "name": "SUSE-SU-2015:2247", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00012.html" + }, + { + "name": "http://zerodayinitiative.com/advisories/ZDI-15-612", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-15-612" + }, + { + "name": "1034318", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034318" + }, + { + "name": "GLSA-201601-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201601-03" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" + } + ] + } +} \ No newline at end of file diff --git a/2015/9xxx/CVE-2015-9207.json b/2015/9xxx/CVE-2015-9207.json index 55688c8a59a..03655d4ca83 100644 --- a/2015/9xxx/CVE-2015-9207.json +++ b/2015/9xxx/CVE-2015-9207.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2015-9207", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, SD 810" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, and SD 810, lack of input validation in playready_getadditional_responsedata could lead to a buffer overread." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer overread vulnerability in QTEE" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2015-9207", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, SD 810" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, and SD 810, lack of input validation in playready_getadditional_responsedata could lead to a buffer overread." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer overread vulnerability in QTEE" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2015/9xxx/CVE-2015-9274.json b/2015/9xxx/CVE-2015-9274.json index b49b4c8c413..7e2692288db 100644 --- a/2015/9xxx/CVE-2015-9274.json +++ b/2015/9xxx/CVE-2015-9274.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-9274", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HarfBuzz before 1.0.4 allows remote attackers to cause a denial of service (invalid read of two bytes and application crash) because of GPOS and GSUB table mishandling, related to hb-ot-layout-gpos-table.hh, hb-ot-layout-gsub-table.hh, and hb-ot-layout-gsubgpos-private.hh." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-9274", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/harfbuzz/harfbuzz/commit/c917965b9e6fe2b21ed6c51559673288fa3af4b7", - "refsource" : "MISC", - "url" : "https://github.com/harfbuzz/harfbuzz/commit/c917965b9e6fe2b21ed6c51559673288fa3af4b7" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HarfBuzz before 1.0.4 allows remote attackers to cause a denial of service (invalid read of two bytes and application crash) because of GPOS and GSUB table mishandling, related to hb-ot-layout-gpos-table.hh, hb-ot-layout-gsub-table.hh, and hb-ot-layout-gsubgpos-private.hh." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/harfbuzz/harfbuzz/commit/c917965b9e6fe2b21ed6c51559673288fa3af4b7", + "refsource": "MISC", + "url": "https://github.com/harfbuzz/harfbuzz/commit/c917965b9e6fe2b21ed6c51559673288fa3af4b7" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1121.json b/2016/1xxx/CVE-2016-1121.json index 2161be6ac93..b99115ed7df 100644 --- a/2016/1xxx/CVE-2016-1121.json +++ b/2016/1xxx/CVE-2016-1121.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1121", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1075, CVE-2016-1094, CVE-2016-1122, CVE-2016-4102, and CVE-2016-4107." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-1121", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html" - }, - { - "name" : "90512", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/90512" - }, - { - "name" : "1035828", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035828" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1075, CVE-2016-1094, CVE-2016-1122, CVE-2016-4102, and CVE-2016-4107." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "90512", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/90512" + }, + { + "name": "1035828", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035828" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1283.json b/2016/1xxx/CVE-2016-1283.json index 3bd94b73095..c0723c6daa2 100644 --- a/2016/1xxx/CVE-2016-1283.json +++ b/2016/1xxx/CVE-2016-1283.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1283", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\\\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\\){97)?J)?J)(?'R'(?'R'\\){99|(:(?|(?'R')(\\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-1283", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.exim.org/show_bug.cgi?id=1767", - "refsource" : "CONFIRM", - "url" : "https://bugs.exim.org/show_bug.cgi?id=1767" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "https://bto.bluecoat.com/security-advisory/sa128", - "refsource" : "CONFIRM", - "url" : "https://bto.bluecoat.com/security-advisory/sa128" - }, - { - "name" : "https://www.tenable.com/security/tns-2016-18", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2016-18" - }, - { - "name" : "https://www.tenable.com/security/tns-2017-14", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2017-14" - }, - { - "name" : "FEDORA-2016-65833b5dbc", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178193.html" - }, - { - "name" : "FEDORA-2016-f5af8e27ce", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178955.html" - }, - { - "name" : "GLSA-201607-02", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201607-02" - }, - { - "name" : "RHSA-2016:1132", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1132" - }, - { - "name" : "SSA:2016-172-02", - "refsource" : "SLACKWARE", - "url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.343110" - }, - { - "name" : "79825", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/79825" - }, - { - "name" : "1034555", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034555" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\\\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\\){97)?J)?J)(?'R'(?'R'\\){99|(:(?|(?'R')(\\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2016:1132", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1132" + }, + { + "name": "https://bugs.exim.org/show_bug.cgi?id=1767", + "refsource": "CONFIRM", + "url": "https://bugs.exim.org/show_bug.cgi?id=1767" + }, + { + "name": "SSA:2016-172-02", + "refsource": "SLACKWARE", + "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.343110" + }, + { + "name": "79825", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/79825" + }, + { + "name": "FEDORA-2016-f5af8e27ce", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178955.html" + }, + { + "name": "FEDORA-2016-65833b5dbc", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178193.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "https://www.tenable.com/security/tns-2016-18", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2016-18" + }, + { + "name": "https://www.tenable.com/security/tns-2017-14", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2017-14" + }, + { + "name": "https://bto.bluecoat.com/security-advisory/sa128", + "refsource": "CONFIRM", + "url": "https://bto.bluecoat.com/security-advisory/sa128" + }, + { + "name": "1034555", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034555" + }, + { + "name": "GLSA-201607-02", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201607-02" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1487.json b/2016/1xxx/CVE-2016-1487.json index 8256cbeb86d..d7618680485 100644 --- a/2016/1xxx/CVE-2016-1487.json +++ b/2016/1xxx/CVE-2016-1487.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1487", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-1487", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1841.json b/2016/1xxx/CVE-2016-1841.json index e3ec5083c3f..1b5bac2d4af 100644 --- a/2016/1xxx/CVE-2016-1841.json +++ b/2016/1xxx/CVE-2016-1841.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1841", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libxslt, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-1841", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT206564", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT206564" - }, - { - "name" : "https://support.apple.com/HT206566", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT206566" - }, - { - "name" : "https://support.apple.com/HT206567", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT206567" - }, - { - "name" : "https://support.apple.com/HT206568", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT206568" - }, - { - "name" : "APPLE-SA-2016-05-16-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/May/msg00001.html" - }, - { - "name" : "APPLE-SA-2016-05-16-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/May/msg00002.html" - }, - { - "name" : "APPLE-SA-2016-05-16-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/May/msg00003.html" - }, - { - "name" : "APPLE-SA-2016-05-16-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/May/msg00004.html" - }, - { - "name" : "90691", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/90691" - }, - { - "name" : "1035890", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035890" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libxslt, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT206567", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT206567" + }, + { + "name": "90691", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/90691" + }, + { + "name": "APPLE-SA-2016-05-16-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00004.html" + }, + { + "name": "https://support.apple.com/HT206566", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT206566" + }, + { + "name": "APPLE-SA-2016-05-16-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00003.html" + }, + { + "name": "https://support.apple.com/HT206564", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT206564" + }, + { + "name": "1035890", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035890" + }, + { + "name": "APPLE-SA-2016-05-16-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00002.html" + }, + { + "name": "https://support.apple.com/HT206568", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT206568" + }, + { + "name": "APPLE-SA-2016-05-16-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5021.json b/2016/5xxx/CVE-2016-5021.json index 3e3e024575f..6c801b8606a 100644 --- a/2016/5xxx/CVE-2016-5021.json +++ b/2016/5xxx/CVE-2016-5021.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5021", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The iControl REST service in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF3; BIG-IP DNS 12.x before 12.0.0 HF3; BIG-IP GTM 11.5.x before 11.5.4 and 11.6.x before 11.6.1; BIG-IQ Cloud and Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 4.6.0; and BIG-IQ Cloud and Orchestration 1.0.0 allows remote authenticated administrators to obtain sensitive information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-5021", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.f5.com/kb/en-us/solutions/public/k/99/sol99998454/", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/kb/en-us/solutions/public/k/99/sol99998454/" - }, - { - "name" : "1036172", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036172" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The iControl REST service in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF3; BIG-IP DNS 12.x before 12.0.0 HF3; BIG-IP GTM 11.5.x before 11.5.4 and 11.6.x before 11.6.1; BIG-IQ Cloud and Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 4.6.0; and BIG-IQ Cloud and Orchestration 1.0.0 allows remote authenticated administrators to obtain sensitive information via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.f5.com/kb/en-us/solutions/public/k/99/sol99998454/", + "refsource": "CONFIRM", + "url": "https://support.f5.com/kb/en-us/solutions/public/k/99/sol99998454/" + }, + { + "name": "1036172", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036172" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5213.json b/2016/5xxx/CVE-2016-5213.json index 0d42b42b65f..53d6bb0f57f 100644 --- a/2016/5xxx/CVE-2016-5213.json +++ b/2016/5xxx/CVE-2016-5213.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-5213", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android", - "version" : { - "version_data" : [ - { - "version_value" : "Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "use after free" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2016-5213", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android", + "version": { + "version_data": [ + { + "version_value": "Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html" - }, - { - "name" : "https://crbug.com/652548", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/652548" - }, - { - "name" : "GLSA-201612-11", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201612-11" - }, - { - "name" : "RHSA-2016:2919", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2919.html" - }, - { - "name" : "94633", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94633" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "use after free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2016:2919", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2919.html" + }, + { + "name": "94633", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94633" + }, + { + "name": "https://crbug.com/652548", + "refsource": "CONFIRM", + "url": "https://crbug.com/652548" + }, + { + "name": "https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html" + }, + { + "name": "GLSA-201612-11", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201612-11" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5684.json b/2016/5xxx/CVE-2016-5684.json index 487f756d880..5d3bc36da85 100644 --- a/2016/5xxx/CVE-2016-5684.json +++ b/2016/5xxx/CVE-2016-5684.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2016-5684", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FreeImage", - "version" : { - "version_data" : [ - { - "version_value" : "3.17.0" - } - ] - } - } - ] - }, - "vendor_name" : "FreeImage" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable out-of-bounds write vulnerability exists in the XMP image handling functionality of the FreeImage library. A specially crafted XMP file can cause an arbitrary memory overwrite resulting in code execution. An attacker can provide a malicious image to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "out-of-bounds write" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-5684", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FreeImage", + "version": { + "version_data": [ + { + "version_value": "3.17.0" + } + ] + } + } + ] + }, + "vendor_name": "FreeImage" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.talosintelligence.com/reports/TALOS-2016-0189/", - "refsource" : "MISC", - "url" : "http://www.talosintelligence.com/reports/TALOS-2016-0189/" - }, - { - "name" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "GLSA-201701-68", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-68" - }, - { - "name" : "93287", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93287" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable out-of-bounds write vulnerability exists in the XMP image handling functionality of the FreeImage library. A specially crafted XMP file can cause an arbitrary memory overwrite resulting in code execution. An attacker can provide a malicious image to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "out-of-bounds write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.talosintelligence.com/reports/TALOS-2016-0189/", + "refsource": "MISC", + "url": "http://www.talosintelligence.com/reports/TALOS-2016-0189/" + }, + { + "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + }, + { + "name": "93287", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93287" + }, + { + "name": "GLSA-201701-68", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-68" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5698.json b/2016/5xxx/CVE-2016-5698.json index 5593ded7716..2edc72df76a 100644 --- a/2016/5xxx/CVE-2016-5698.json +++ b/2016/5xxx/CVE-2016-5698.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5698", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-5698", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5982.json b/2016/5xxx/CVE-2016-5982.json index bf31aff8dfc..094c3c4d702 100644 --- a/2016/5xxx/CVE-2016-5982.json +++ b/2016/5xxx/CVE-2016-5982.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5982", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-5982", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2364.json b/2018/2xxx/CVE-2018-2364.json index d62665c525c..674c1d8ff64 100644 --- a/2018/2xxx/CVE-2018-2364.json +++ b/2018/2xxx/CVE-2018-2364.json @@ -1,108 +1,108 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cna@sap.com", - "ID" : "CVE-2018-2364", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SAP CRM WebClient UI", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "7.01" - }, - { - "version_affected" : "=", - "version_value" : "7.31" - }, - { - "version_affected" : "=", - "version_value" : "7.46" - }, - { - "version_affected" : "=", - "version_value" : "7.47" - }, - { - "version_affected" : "=", - "version_value" : "7.48" - }, - { - "version_affected" : "=", - "version_value" : "8.00" - }, - { - "version_affected" : "=", - "version_value" : "8.01" - } - ] - } - }, - { - "product_name" : "S4FND", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "1.02" - } - ] - } - } - ] - }, - "vendor_name" : "SAP SE" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SAP CRM WebClient UI 7.01, 7.31, 7.46, 7.47, 7.48, 8.00, 8.01, S4FND 1.02, does not sufficiently validate and/or encode hidden fields, resulting in Cross-Site Scripting (XSS) vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "cna@sap.com", + "ID": "CVE-2018-2364", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SAP CRM WebClient UI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "7.01" + }, + { + "version_affected": "=", + "version_value": "7.31" + }, + { + "version_affected": "=", + "version_value": "7.46" + }, + { + "version_affected": "=", + "version_value": "7.47" + }, + { + "version_affected": "=", + "version_value": "7.48" + }, + { + "version_affected": "=", + "version_value": "8.00" + }, + { + "version_affected": "=", + "version_value": "8.01" + } + ] + } + }, + { + "product_name": "S4FND", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.02" + } + ] + } + } + ] + }, + "vendor_name": "SAP SE" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/", - "refsource" : "CONFIRM", - "url" : "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/" - }, - { - "name" : "https://launchpad.support.sap.com/#/notes/2541700", - "refsource" : "CONFIRM", - "url" : "https://launchpad.support.sap.com/#/notes/2541700" - }, - { - "name" : "103002", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103002" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SAP CRM WebClient UI 7.01, 7.31, 7.46, 7.47, 7.48, 8.00, 8.01, S4FND 1.02, does not sufficiently validate and/or encode hidden fields, resulting in Cross-Site Scripting (XSS) vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103002", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103002" + }, + { + "name": "https://launchpad.support.sap.com/#/notes/2541700", + "refsource": "CONFIRM", + "url": "https://launchpad.support.sap.com/#/notes/2541700" + }, + { + "name": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/", + "refsource": "CONFIRM", + "url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2437.json b/2018/2xxx/CVE-2018-2437.json index 9e744f36254..69fc5a457d2 100644 --- a/2018/2xxx/CVE-2018-2437.json +++ b/2018/2xxx/CVE-2018-2437.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cna@sap.com", - "ID" : "CVE-2018-2437", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : " SAP Internet Graphics Server (IGS)", - "version" : { - "version_data" : [ - { - "version_name" : "=", - "version_value" : "7.20" - }, - { - "version_name" : "=", - "version_value" : "7.20EXT" - }, - { - "version_name" : "=", - "version_value" : "7.45" - }, - { - "version_name" : "=", - "version_value" : "7.49" - }, - { - "version_name" : "=", - "version_value" : "7.53" - } - ] - } - } - ] - }, - "vendor_name" : "SAP" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SAP Internet Graphics Service (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to externally trigger IGS command executions which can lead to: disclosure of information and malicious file insertion or modification." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Disclosure of information and malicious file insertion or modification." - } + "CVE_data_meta": { + "ASSIGNER": "cna@sap.com", + "ID": "CVE-2018-2437", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": " SAP Internet Graphics Server (IGS)", + "version": { + "version_data": [ + { + "version_name": "=", + "version_value": "7.20" + }, + { + "version_name": "=", + "version_value": "7.20EXT" + }, + { + "version_name": "=", + "version_value": "7.45" + }, + { + "version_name": "=", + "version_value": "7.49" + }, + { + "version_name": "=", + "version_value": "7.53" + } + ] + } + } + ] + }, + "vendor_name": "SAP" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://launchpad.support.sap.com/#/notes/2644227", - "refsource" : "MISC", - "url" : "https://launchpad.support.sap.com/#/notes/2644227" - }, - { - "name" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000", - "refsource" : "CONFIRM", - "url" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000" - }, - { - "name" : "104705", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104705" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SAP Internet Graphics Service (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to externally trigger IGS command executions which can lead to: disclosure of information and malicious file insertion or modification." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Disclosure of information and malicious file insertion or modification." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104705", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104705" + }, + { + "name": "https://launchpad.support.sap.com/#/notes/2644227", + "refsource": "MISC", + "url": "https://launchpad.support.sap.com/#/notes/2644227" + }, + { + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000", + "refsource": "CONFIRM", + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2451.json b/2018/2xxx/CVE-2018-2451.json index 9fc17bc15ab..f8f463df186 100644 --- a/2018/2xxx/CVE-2018-2451.json +++ b/2018/2xxx/CVE-2018-2451.json @@ -1,76 +1,76 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cna@sap.com", - "ID" : "CVE-2018-2451", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SAP HANA Extended Application Services", - "version" : { - "version_data" : [ - { - "version_name" : "", - "version_value" : "1.0" - } - ] - } - } - ] - }, - "vendor_name" : "SAP" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XS Command-Line Interface (CLI) user sessions with the SAP HANA Extended Application Services (XS), version 1, advanced server may have an unintentional prolonged period of validity. Consequently, a platform user could access controller resources via active CLI session even after corresponding authorizations have been revoked meanwhile by an administrator user. Similarly, an attacker who managed to gain access to the platform user's session might misuse the session token even after the session has been closed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Other" - } + "CVE_data_meta": { + "ASSIGNER": "cna@sap.com", + "ID": "CVE-2018-2451", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SAP HANA Extended Application Services", + "version": { + "version_data": [ + { + "version_name": "", + "version_value": "1.0" + } + ] + } + } + ] + }, + "vendor_name": "SAP" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://launchpad.support.sap.com/#/notes/2590705", - "refsource" : "MISC", - "url" : "https://launchpad.support.sap.com/#/notes/2590705" - }, - { - "name" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742", - "refsource" : "CONFIRM", - "url" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742" - }, - { - "name" : "105091", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105091" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XS Command-Line Interface (CLI) user sessions with the SAP HANA Extended Application Services (XS), version 1, advanced server may have an unintentional prolonged period of validity. Consequently, a platform user could access controller resources via active CLI session even after corresponding authorizations have been revoked meanwhile by an administrator user. Similarly, an attacker who managed to gain access to the platform user's session might misuse the session token even after the session has been closed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105091", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105091" + }, + { + "name": "https://launchpad.support.sap.com/#/notes/2590705", + "refsource": "MISC", + "url": "https://launchpad.support.sap.com/#/notes/2590705" + }, + { + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742", + "refsource": "CONFIRM", + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2517.json b/2018/2xxx/CVE-2018-2517.json index 7954faf9d57..1235c4caa5d 100644 --- a/2018/2xxx/CVE-2018-2517.json +++ b/2018/2xxx/CVE-2018-2517.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2517", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-2517", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2747.json b/2018/2xxx/CVE-2018-2747.json index 37e6ec3627d..10eed94e3ea 100644 --- a/2018/2xxx/CVE-2018-2747.json +++ b/2018/2xxx/CVE-2018-2747.json @@ -1,109 +1,109 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2747", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FLEXCUBE Universal Banking", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "11.3.0" - }, - { - "version_affected" : "=", - "version_value" : "11.4.0" - }, - { - "version_affected" : "=", - "version_value" : "12.0.1" - }, - { - "version_affected" : "=", - "version_value" : "12.0.2" - }, - { - "version_affected" : "=", - "version_value" : "12.0.3" - }, - { - "version_affected" : "=", - "version_value" : "12.1.0" - }, - { - "version_affected" : "=", - "version_value" : "12.2.0" - }, - { - "version_affected" : "=", - "version_value" : "12.3.0" - }, - { - "version_affected" : "=", - "version_value" : "12.4.0" - }, - { - "version_affected" : "=", - "version_value" : "14.0.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0 and 14.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2747", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Universal Banking", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.3.0" + }, + { + "version_affected": "=", + "version_value": "11.4.0" + }, + { + "version_affected": "=", + "version_value": "12.0.1" + }, + { + "version_affected": "=", + "version_value": "12.0.2" + }, + { + "version_affected": "=", + "version_value": "12.0.3" + }, + { + "version_affected": "=", + "version_value": "12.1.0" + }, + { + "version_affected": "=", + "version_value": "12.2.0" + }, + { + "version_affected": "=", + "version_value": "12.3.0" + }, + { + "version_affected": "=", + "version_value": "12.4.0" + }, + { + "version_affected": "=", + "version_value": "14.0.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" - }, - { - "name" : "103844", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103844" - }, - { - "name" : "1040693", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040693" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0 and 14.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040693", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040693" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" + }, + { + "name": "103844", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103844" + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0133.json b/2019/0xxx/CVE-2019-0133.json index e4ceba494e6..a229b1065b5 100644 --- a/2019/0xxx/CVE-2019-0133.json +++ b/2019/0xxx/CVE-2019-0133.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0133", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0133", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0215.json b/2019/0xxx/CVE-2019-0215.json index 430d6f6ac86..9a0f6472f89 100644 --- a/2019/0xxx/CVE-2019-0215.json +++ b/2019/0xxx/CVE-2019-0215.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0215", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0215", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0602.json b/2019/0xxx/CVE-2019-0602.json index 017b6ea7906..0db0255ea9c 100644 --- a/2019/0xxx/CVE-2019-0602.json +++ b/2019/0xxx/CVE-2019-0602.json @@ -1,185 +1,185 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2019-0602", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows", - "version" : { - "version_data" : [ - { - "version_value" : "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value" : "7 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "8.1 for 32-bit systems" - }, - { - "version_value" : "8.1 for x64-based systems" - }, - { - "version_value" : "RT 8.1" - }, - { - "version_value" : "10 for 32-bit Systems" - }, - { - "version_value" : "10 for x64-based Systems" - }, - { - "version_value" : "10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "10 Version 1803 for x64-based Systems" - }, - { - "version_value" : "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value" : "10 Version 1809 for 32-bit Systems" - }, - { - "version_value" : "10 Version 1809 for x64-based Systems" - }, - { - "version_value" : "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value" : "10 Version 1709 for ARM64-based Systems" - } - ] - } - }, - { - "product_name" : "Windows Server", - "version" : { - "version_data" : [ - { - "version_value" : "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value" : "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value" : "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value" : "2012" - }, - { - "version_value" : "2012 (Core installation)" - }, - { - "version_value" : "2012 R2" - }, - { - "version_value" : "2012 R2 (Core installation)" - }, - { - "version_value" : "2016" - }, - { - "version_value" : "2016 (Core installation)" - }, - { - "version_value" : "version 1709 (Core Installation)" - }, - { - "version_value" : "version 1803 (Core Installation)" - }, - { - "version_value" : "2019" - }, - { - "version_value" : "2019 (Core installation)" - }, - { - "version_value" : "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value" : "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value" : "2008 for x64-based Systems Service Pack 2" - }, - { - "version_value" : "2008 for x64-based Systems Service Pack 2 (Core installation)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0615, CVE-2019-0616, CVE-2019-0619, CVE-2019-0660, CVE-2019-0664." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2019-0602", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "10 Version 1703 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "version 1709 (Core Installation)" + }, + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0602", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0602" - }, - { - "name" : "106858", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106858" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0615, CVE-2019-0616, CVE-2019-0619, CVE-2019-0660, CVE-2019-0664." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106858", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106858" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0602", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0602" + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0729.json b/2019/0xxx/CVE-2019-0729.json index 3c8d42a9f77..f79972504e8 100644 --- a/2019/0xxx/CVE-2019-0729.json +++ b/2019/0xxx/CVE-2019-0729.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2019-0729", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Java SDK for Azure IoT", - "version" : { - "version_data" : [ - { - "version_value" : "" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An Elevation of Privilege vulnerability exists in the way Azure IoT Java SDK generates symmetric keys for encryption, allowing an attacker to predict the randomness of the key, aka 'Azure IoT Java SDK Elevation of Privilege Vulnerability'." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2019-0729", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java SDK for Azure IoT", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0729", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0729" - }, - { - "name" : "106966", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106966" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An Elevation of Privilege vulnerability exists in the way Azure IoT Java SDK generates symmetric keys for encryption, allowing an attacker to predict the randomness of the key, aka 'Azure IoT Java SDK Elevation of Privilege Vulnerability'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0729", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0729" + }, + { + "name": "106966", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106966" + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1056.json b/2019/1xxx/CVE-2019-1056.json index 8553ad9055c..1bdc5e69651 100644 --- a/2019/1xxx/CVE-2019-1056.json +++ b/2019/1xxx/CVE-2019-1056.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1056", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1056", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1272.json b/2019/1xxx/CVE-2019-1272.json index b568e12e296..07c802051bb 100644 --- a/2019/1xxx/CVE-2019-1272.json +++ b/2019/1xxx/CVE-2019-1272.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1272", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1272", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1908.json b/2019/1xxx/CVE-2019-1908.json index e347c4f91e7..34a367a78e4 100644 --- a/2019/1xxx/CVE-2019-1908.json +++ b/2019/1xxx/CVE-2019-1908.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1908", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1908", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1948.json b/2019/1xxx/CVE-2019-1948.json index 09b1bab6c52..928bc9b5bc9 100644 --- a/2019/1xxx/CVE-2019-1948.json +++ b/2019/1xxx/CVE-2019-1948.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1948", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1948", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4146.json b/2019/4xxx/CVE-2019-4146.json index 26cc617fedf..2b3c1e0b1e1 100644 --- a/2019/4xxx/CVE-2019-4146.json +++ b/2019/4xxx/CVE-2019-4146.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4146", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4146", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4265.json b/2019/4xxx/CVE-2019-4265.json index cbd0c7d55d6..9da58a31cac 100644 --- a/2019/4xxx/CVE-2019-4265.json +++ b/2019/4xxx/CVE-2019-4265.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4265", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4265", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4709.json b/2019/4xxx/CVE-2019-4709.json index 0c6cd81c5c8..69d8968a589 100644 --- a/2019/4xxx/CVE-2019-4709.json +++ b/2019/4xxx/CVE-2019-4709.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4709", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4709", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4797.json b/2019/4xxx/CVE-2019-4797.json index e37b2101442..908a98f0ed9 100644 --- a/2019/4xxx/CVE-2019-4797.json +++ b/2019/4xxx/CVE-2019-4797.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4797", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4797", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5113.json b/2019/5xxx/CVE-2019-5113.json index 2ca29a619ca..c0558753cbd 100644 --- a/2019/5xxx/CVE-2019-5113.json +++ b/2019/5xxx/CVE-2019-5113.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5113", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5113", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5367.json b/2019/5xxx/CVE-2019-5367.json index faefa6d0691..3ad103ecb3f 100644 --- a/2019/5xxx/CVE-2019-5367.json +++ b/2019/5xxx/CVE-2019-5367.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5367", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5367", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5526.json b/2019/5xxx/CVE-2019-5526.json index 4f67489955e..42d600e3628 100644 --- a/2019/5xxx/CVE-2019-5526.json +++ b/2019/5xxx/CVE-2019-5526.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5526", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5526", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5676.json b/2019/5xxx/CVE-2019-5676.json index 63b4d512014..8aa4a32e076 100644 --- a/2019/5xxx/CVE-2019-5676.json +++ b/2019/5xxx/CVE-2019-5676.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5676", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5676", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file