From bd9c6eb038fc26a90176c81a6ab99f157db34418 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 06:48:53 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2007/0xxx/CVE-2007-0495.json | 150 ++++++------- 2007/0xxx/CVE-2007-0741.json | 190 ++++++++-------- 2007/1xxx/CVE-2007-1474.json | 200 ++++++++--------- 2007/3xxx/CVE-2007-3570.json | 150 ++++++------- 2007/3xxx/CVE-2007-3617.json | 140 ++++++------ 2007/3xxx/CVE-2007-3684.json | 170 +++++++-------- 2007/3xxx/CVE-2007-3906.json | 170 +++++++-------- 2007/4xxx/CVE-2007-4080.json | 130 +++++------ 2007/4xxx/CVE-2007-4125.json | 190 ++++++++-------- 2007/4xxx/CVE-2007-4289.json | 180 +++++++-------- 2007/4xxx/CVE-2007-4391.json | 210 +++++++++--------- 2007/4xxx/CVE-2007-4873.json | 180 +++++++-------- 2014/5xxx/CVE-2014-5286.json | 140 ++++++------ 2014/5xxx/CVE-2014-5441.json | 140 ++++++------ 2014/5xxx/CVE-2014-5653.json | 140 ++++++------ 2014/5xxx/CVE-2014-5771.json | 140 ++++++------ 2015/2xxx/CVE-2015-2046.json | 140 ++++++------ 2015/2xxx/CVE-2015-2736.json | 310 +++++++++++++------------- 2015/2xxx/CVE-2015-2948.json | 150 ++++++------- 2015/2xxx/CVE-2015-2981.json | 140 ++++++------ 2015/6xxx/CVE-2015-6052.json | 140 ++++++------ 2015/6xxx/CVE-2015-6321.json | 140 ++++++------ 2015/6xxx/CVE-2015-6453.json | 34 +-- 2015/6xxx/CVE-2015-6538.json | 130 +++++------ 2015/6xxx/CVE-2015-6787.json | 340 ++++++++++++++--------------- 2015/6xxx/CVE-2015-6923.json | 160 +++++++------- 2015/7xxx/CVE-2015-7432.json | 130 +++++------ 2015/7xxx/CVE-2015-7747.json | 34 +-- 2015/7xxx/CVE-2015-7826.json | 130 +++++------ 2015/7xxx/CVE-2015-7883.json | 34 +-- 2016/0xxx/CVE-2016-0431.json | 130 +++++------ 2016/0xxx/CVE-2016-0770.json | 150 ++++++------- 2016/0xxx/CVE-2016-0878.json | 120 +++++----- 2016/0xxx/CVE-2016-0895.json | 140 ++++++------ 2016/1000xxx/CVE-2016-1000164.json | 34 +-- 2016/10xxx/CVE-2016-10009.json | 260 +++++++++++----------- 2016/10xxx/CVE-2016-10235.json | 142 ++++++------ 2016/10xxx/CVE-2016-10458.json | 132 +++++------ 2016/1xxx/CVE-2016-1543.json | 170 +++++++-------- 2016/1xxx/CVE-2016-1621.json | 180 +++++++-------- 2016/4xxx/CVE-2016-4161.json | 150 ++++++------- 2016/4xxx/CVE-2016-4365.json | 120 +++++----- 2016/4xxx/CVE-2016-4401.json | 34 +-- 2016/4xxx/CVE-2016-4545.json | 130 +++++------ 2019/3xxx/CVE-2019-3007.json | 34 +-- 2019/3xxx/CVE-2019-3484.json | 34 +-- 2019/3xxx/CVE-2019-3727.json | 34 +-- 2019/3xxx/CVE-2019-3845.json | 34 +-- 2019/4xxx/CVE-2019-4100.json | 34 +-- 2019/4xxx/CVE-2019-4431.json | 34 +-- 2019/4xxx/CVE-2019-4483.json | 34 +-- 2019/6xxx/CVE-2019-6032.json | 34 +-- 2019/6xxx/CVE-2019-6644.json | 34 +-- 2019/7xxx/CVE-2019-7093.json | 34 +-- 2019/7xxx/CVE-2019-7430.json | 34 +-- 2019/7xxx/CVE-2019-7519.json | 34 +-- 2019/7xxx/CVE-2019-7673.json | 120 +++++----- 2019/7xxx/CVE-2019-7842.json | 34 +-- 2019/8xxx/CVE-2019-8386.json | 34 +-- 2019/8xxx/CVE-2019-8585.json | 34 +-- 2019/8xxx/CVE-2019-8777.json | 34 +-- 2019/8xxx/CVE-2019-8953.json | 160 +++++++------- 2019/9xxx/CVE-2019-9008.json | 34 +-- 2019/9xxx/CVE-2019-9323.json | 34 +-- 2019/9xxx/CVE-2019-9413.json | 34 +-- 65 files changed, 3725 insertions(+), 3725 deletions(-) diff --git a/2007/0xxx/CVE-2007-0495.json b/2007/0xxx/CVE-2007-0495.json index 2ea851215f8..2e4e8c7a60b 100644 --- a/2007/0xxx/CVE-2007-0495.json +++ b/2007/0xxx/CVE-2007-0495.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0495", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in include/config.inc.php in PhpSherpa allows remote attackers to execute arbitrary PHP code via a URL in the racine parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0495", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3161", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3161" - }, - { - "name" : "ADV-2007-0263", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0263" - }, - { - "name" : "31599", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/31599" - }, - { - "name" : "23817", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23817" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in include/config.inc.php in PhpSherpa allows remote attackers to execute arbitrary PHP code via a URL in the racine parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-0263", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0263" + }, + { + "name": "23817", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23817" + }, + { + "name": "3161", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3161" + }, + { + "name": "31599", + "refsource": "OSVDB", + "url": "http://osvdb.org/31599" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0741.json b/2007/0xxx/CVE-2007-0741.json index b3c36701e96..346662335c6 100644 --- a/2007/0xxx/CVE-2007-0741.json +++ b/2007/0xxx/CVE-2007-0741.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0741", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in natd in network_cmds in Apple Mac OS X 10.3.9 through 10.4.9, when Internet Sharing is enabled, allows remote attackers to execute arbitrary code via malformed RTSP packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0741", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.info.apple.com/article.html?artnum=305391", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=305391" - }, - { - "name" : "APPLE-SA-2007-04-19", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html" - }, - { - "name" : "TA07-109A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-109A.html" - }, - { - "name" : "23569", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23569" - }, - { - "name" : "ADV-2007-1470", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1470" - }, - { - "name" : "34865", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/34865" - }, - { - "name" : "1017942", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1017942" - }, - { - "name" : "24966", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24966" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in natd in network_cmds in Apple Mac OS X 10.3.9 through 10.4.9, when Internet Sharing is enabled, allows remote attackers to execute arbitrary code via malformed RTSP packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24966", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24966" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=305391", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=305391" + }, + { + "name": "23569", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23569" + }, + { + "name": "1017942", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1017942" + }, + { + "name": "TA07-109A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-109A.html" + }, + { + "name": "34865", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/34865" + }, + { + "name": "APPLE-SA-2007-04-19", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html" + }, + { + "name": "ADV-2007-1470", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1470" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1474.json b/2007/1xxx/CVE-2007-1474.json index ac8f422098c..157dff34591 100644 --- a/2007/1xxx/CVE-2007-1474.json +++ b/2007/1xxx/CVE-2007-1474.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1474", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1.4 allows local users to delete arbitrary files and possibly gain privileges via multiple space-delimited pathnames." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1474", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070315 Horde Project Cleanup Script Arbitrary File Deletion Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=489" - }, - { - "name" : "[announce] 20070314 Horde 3.1.4 (final)", - "refsource" : "MLIST", - "url" : "http://lists.horde.org/archives/announce/2007/000315.html" - }, - { - "name" : "DSA-1406", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1406" - }, - { - "name" : "22985", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22985" - }, - { - "name" : "ADV-2007-0965", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0965" - }, - { - "name" : "1017784", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1017784" - }, - { - "name" : "1017785", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1017785" - }, - { - "name" : "27565", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27565" - }, - { - "name" : "horde-cron-file-deletion(32997)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32997" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1.4 allows local users to delete arbitrary files and possibly gain privileges via multiple space-delimited pathnames." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070315 Horde Project Cleanup Script Arbitrary File Deletion Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=489" + }, + { + "name": "1017784", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1017784" + }, + { + "name": "27565", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27565" + }, + { + "name": "horde-cron-file-deletion(32997)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32997" + }, + { + "name": "22985", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22985" + }, + { + "name": "1017785", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1017785" + }, + { + "name": "DSA-1406", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1406" + }, + { + "name": "ADV-2007-0965", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0965" + }, + { + "name": "[announce] 20070314 Horde 3.1.4 (final)", + "refsource": "MLIST", + "url": "http://lists.horde.org/archives/announce/2007/000315.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3570.json b/2007/3xxx/CVE-2007-3570.json index 09a19b65d73..6af07c8e36e 100644 --- a/2007/3xxx/CVE-2007-3570.json +++ b/2007/3xxx/CVE-2007-3570.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3570", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Linux Access Gateway in Novell Access Manager before 3.0 SP1 Release Candidate 1 (RC1) allows remote attackers to bypass unspecified security controls via Fullwidth/Halfwidth Unicode encoded data in a HTTP POST request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3570", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.novell.com/documentation/novellaccessmanager/readme/accessmanager_readme.html#ban5hsz", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/documentation/novellaccessmanager/readme/accessmanager_readme.html#ban5hsz" - }, - { - "name" : "https://secure-support.novell.com/KanisaPlatform/Publishing/539/3193302_f.SAL_Public.html", - "refsource" : "CONFIRM", - "url" : "https://secure-support.novell.com/KanisaPlatform/Publishing/539/3193302_f.SAL_Public.html" - }, - { - "name" : "ADV-2007-2390", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2390" - }, - { - "name" : "ADV-2007-3075", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3075" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Linux Access Gateway in Novell Access Manager before 3.0 SP1 Release Candidate 1 (RC1) allows remote attackers to bypass unspecified security controls via Fullwidth/Halfwidth Unicode encoded data in a HTTP POST request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-2390", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2390" + }, + { + "name": "ADV-2007-3075", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3075" + }, + { + "name": "http://www.novell.com/documentation/novellaccessmanager/readme/accessmanager_readme.html#ban5hsz", + "refsource": "CONFIRM", + "url": "http://www.novell.com/documentation/novellaccessmanager/readme/accessmanager_readme.html#ban5hsz" + }, + { + "name": "https://secure-support.novell.com/KanisaPlatform/Publishing/539/3193302_f.SAL_Public.html", + "refsource": "CONFIRM", + "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/539/3193302_f.SAL_Public.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3617.json b/2007/3xxx/CVE-2007-3617.json index 1bef332e5bd..8dd8245b37d 100644 --- a/2007/3xxx/CVE-2007-3617.json +++ b/2007/3xxx/CVE-2007-3617.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3617", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The report module in vtiger CRM before 5.0.3 does not properly apply security rules, which allows remote authenticated users to read arbitrary private module entries." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3617", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://trac.vtiger.com/cgi-bin/trac.cgi/report/9", - "refsource" : "CONFIRM", - "url" : "http://trac.vtiger.com/cgi-bin/trac.cgi/report/9" - }, - { - "name" : "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2692", - "refsource" : "CONFIRM", - "url" : "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2692" - }, - { - "name" : "45804", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/45804" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The report module in vtiger CRM before 5.0.3 does not properly apply security rules, which allows remote authenticated users to read arbitrary private module entries." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://trac.vtiger.com/cgi-bin/trac.cgi/report/9", + "refsource": "CONFIRM", + "url": "http://trac.vtiger.com/cgi-bin/trac.cgi/report/9" + }, + { + "name": "45804", + "refsource": "OSVDB", + "url": "http://osvdb.org/45804" + }, + { + "name": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2692", + "refsource": "CONFIRM", + "url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2692" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3684.json b/2007/3xxx/CVE-2007-3684.json index a53980a4315..d9a7162f2f5 100644 --- a/2007/3xxx/CVE-2007-3684.json +++ b/2007/3xxx/CVE-2007-3684.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3684", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Unobtrusive Ajax Star Rating Bar before 1.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) q and (2) t parameters in (a) db.php and (b) rpc.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3684", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cirt.net/advisories/unobtrusive_ajax_star_rating.shtml", - "refsource" : "MISC", - "url" : "http://www.cirt.net/advisories/unobtrusive_ajax_star_rating.shtml" - }, - { - "name" : "24840", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24840" - }, - { - "name" : "35933", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/35933" - }, - { - "name" : "35934", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/35934" - }, - { - "name" : "25985", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25985" - }, - { - "name" : "unobtrusive-ajax-dbrpc-sql-injection(35328)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35328" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Unobtrusive Ajax Star Rating Bar before 1.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) q and (2) t parameters in (a) db.php and (b) rpc.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25985", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25985" + }, + { + "name": "http://www.cirt.net/advisories/unobtrusive_ajax_star_rating.shtml", + "refsource": "MISC", + "url": "http://www.cirt.net/advisories/unobtrusive_ajax_star_rating.shtml" + }, + { + "name": "35934", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/35934" + }, + { + "name": "24840", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24840" + }, + { + "name": "unobtrusive-ajax-dbrpc-sql-injection(35328)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35328" + }, + { + "name": "35933", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/35933" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3906.json b/2007/3xxx/CVE-2007-3906.json index 99996ece370..50745474c98 100644 --- a/2007/3xxx/CVE-2007-3906.json +++ b/2007/3xxx/CVE-2007-3906.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3906", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Kaspersky Anti-Virus for Check Point FireWall-1 before Critical Fix 1 (5.5.161.0) might allow attackers to cause a denial of service (kernel hang) via unspecified vectors. NOTE: it is not clear whether there is an attacker role." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3906", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.kaspersky.com/checkpoint?qid=208279464", - "refsource" : "CONFIRM", - "url" : "http://support.kaspersky.com/checkpoint?qid=208279464" - }, - { - "name" : "24932", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24932" - }, - { - "name" : "ADV-2007-2561", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2561" - }, - { - "name" : "36127", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36127" - }, - { - "name" : "26064", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26064" - }, - { - "name" : "kaspersky-checkpoint-unspecified-dos(35454)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35454" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Kaspersky Anti-Virus for Check Point FireWall-1 before Critical Fix 1 (5.5.161.0) might allow attackers to cause a denial of service (kernel hang) via unspecified vectors. NOTE: it is not clear whether there is an attacker role." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.kaspersky.com/checkpoint?qid=208279464", + "refsource": "CONFIRM", + "url": "http://support.kaspersky.com/checkpoint?qid=208279464" + }, + { + "name": "24932", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24932" + }, + { + "name": "26064", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26064" + }, + { + "name": "kaspersky-checkpoint-unspecified-dos(35454)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35454" + }, + { + "name": "36127", + "refsource": "OSVDB", + "url": "http://osvdb.org/36127" + }, + { + "name": "ADV-2007-2561", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2561" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4080.json b/2007/4xxx/CVE-2007-4080.json index 16b97a5f205..492f5526c33 100644 --- a/2007/4xxx/CVE-2007-4080.json +++ b/2007/4xxx/CVE-2007-4080.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4080", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php AlstraSoft E-Friends allows remote attackers to inject arbitrary web script or HTML via the p_id parameter in a people_card action. NOTE: this might overlap CVE-2006-2564." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4080", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lostmon.blogspot.com/2007/07/alstrasoft-multiple-products-multiple.html", - "refsource" : "MISC", - "url" : "http://lostmon.blogspot.com/2007/07/alstrasoft-multiple-products-multiple.html" - }, - { - "name" : "37266", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37266" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php AlstraSoft E-Friends allows remote attackers to inject arbitrary web script or HTML via the p_id parameter in a people_card action. NOTE: this might overlap CVE-2006-2564." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://lostmon.blogspot.com/2007/07/alstrasoft-multiple-products-multiple.html", + "refsource": "MISC", + "url": "http://lostmon.blogspot.com/2007/07/alstrasoft-multiple-products-multiple.html" + }, + { + "name": "37266", + "refsource": "OSVDB", + "url": "http://osvdb.org/37266" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4125.json b/2007/4xxx/CVE-2007-4125.json index 4af29c49da0..b0b0d86553f 100644 --- a/2007/4xxx/CVE-2007-4125.json +++ b/2007/4xxx/CVE-2007-4125.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4125", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers to cause an unspecified denial of service via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4125", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBUX02248", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01087206" - }, - { - "name" : "SSRT071437", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01087206" - }, - { - "name" : "25147", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25147" - }, - { - "name" : "oval:org.mitre.oval:def:5243", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5243" - }, - { - "name" : "ADV-2007-2728", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2728" - }, - { - "name" : "1018482", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018482" - }, - { - "name" : "26279", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26279" - }, - { - "name" : "hpux-arpatransport-dos(35702)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35702" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers to cause an unspecified denial of service via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25147", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25147" + }, + { + "name": "26279", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26279" + }, + { + "name": "1018482", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018482" + }, + { + "name": "oval:org.mitre.oval:def:5243", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5243" + }, + { + "name": "HPSBUX02248", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01087206" + }, + { + "name": "ADV-2007-2728", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2728" + }, + { + "name": "SSRT071437", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01087206" + }, + { + "name": "hpux-arpatransport-dos(35702)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35702" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4289.json b/2007/4xxx/CVE-2007-4289.json index b47fdc43e03..ab227d921f6 100644 --- a/2007/4xxx/CVE-2007-4289.json +++ b/2007/4xxx/CVE-2007-4289.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4289", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sun Java System Portal Server 7.0 does not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-3715." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4289", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070712 Whitepaper: Command Injection in XML Digital Signatures and Encryption", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/473553/100/0/threaded" - }, - { - "name" : "http://www.isecpartners.com/advisories/2007-04-dsig.txt", - "refsource" : "MISC", - "url" : "http://www.isecpartners.com/advisories/2007-04-dsig.txt" - }, - { - "name" : "http://www.isecpartners.com/files/XMLDSIG_Command_Injection.pdf", - "refsource" : "MISC", - "url" : "http://www.isecpartners.com/files/XMLDSIG_Command_Injection.pdf" - }, - { - "name" : "103015", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103015-1" - }, - { - "name" : "1018513", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1018513" - }, - { - "name" : "26327", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26327" - }, - { - "name" : "sun-jsps-xslt-code-execution(35811)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35811" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sun Java System Portal Server 7.0 does not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-3715." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070712 Whitepaper: Command Injection in XML Digital Signatures and Encryption", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/473553/100/0/threaded" + }, + { + "name": "http://www.isecpartners.com/files/XMLDSIG_Command_Injection.pdf", + "refsource": "MISC", + "url": "http://www.isecpartners.com/files/XMLDSIG_Command_Injection.pdf" + }, + { + "name": "26327", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26327" + }, + { + "name": "sun-jsps-xslt-code-execution(35811)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35811" + }, + { + "name": "1018513", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1018513" + }, + { + "name": "http://www.isecpartners.com/advisories/2007-04-dsig.txt", + "refsource": "MISC", + "url": "http://www.isecpartners.com/advisories/2007-04-dsig.txt" + }, + { + "name": "103015", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103015-1" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4391.json b/2007/4xxx/CVE-2007-4391.json index 7cd3d78aa74..66ff8415f74 100644 --- a/2007/4xxx/CVE-2007-4391.json +++ b/2007/4xxx/CVE-2007-4391.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4391", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Kakadu kdu_v32m.dll in Yahoo! Messenger 8.1.0.413 allows remote attackers to cause a denial of service (application crash) via a certain length field in JPEG2000 data, as demonstrated by sending an \"invite to view my webcam\" request, and then injecting a DLL into the attacker's peer Yahoo! Messenger application when this request is accepted." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4391", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.team509.com/expyahoo.rar", - "refsource" : "MISC", - "url" : "http://www.team509.com/expyahoo.rar" - }, - { - "name" : "https://www.xfocus.net/bbs/index.php?act=ST&f=2&t=64639&page=1#entry321749", - "refsource" : "MISC", - "url" : "https://www.xfocus.net/bbs/index.php?act=ST&f=2&t=64639&page=1#entry321749" - }, - { - "name" : "http://www.avertlabs.com/research/blog/index.php/2007/08/15/more-on-the-yahoo-messenger-webcam-0day/", - "refsource" : "MISC", - "url" : "http://www.avertlabs.com/research/blog/index.php/2007/08/15/more-on-the-yahoo-messenger-webcam-0day/" - }, - { - "name" : "VU#515968", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/515968" - }, - { - "name" : "25330", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25330" - }, - { - "name" : "ADV-2007-2917", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2917" - }, - { - "name" : "38221", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38221" - }, - { - "name" : "1018586", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018586" - }, - { - "name" : "26501", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26501" - }, - { - "name" : "yahoo-messenger-webcam-bo(36115)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36115" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Kakadu kdu_v32m.dll in Yahoo! Messenger 8.1.0.413 allows remote attackers to cause a denial of service (application crash) via a certain length field in JPEG2000 data, as demonstrated by sending an \"invite to view my webcam\" request, and then injecting a DLL into the attacker's peer Yahoo! Messenger application when this request is accepted." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-2917", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2917" + }, + { + "name": "yahoo-messenger-webcam-bo(36115)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36115" + }, + { + "name": "VU#515968", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/515968" + }, + { + "name": "http://www.avertlabs.com/research/blog/index.php/2007/08/15/more-on-the-yahoo-messenger-webcam-0day/", + "refsource": "MISC", + "url": "http://www.avertlabs.com/research/blog/index.php/2007/08/15/more-on-the-yahoo-messenger-webcam-0day/" + }, + { + "name": "http://www.team509.com/expyahoo.rar", + "refsource": "MISC", + "url": "http://www.team509.com/expyahoo.rar" + }, + { + "name": "26501", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26501" + }, + { + "name": "25330", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25330" + }, + { + "name": "38221", + "refsource": "OSVDB", + "url": "http://osvdb.org/38221" + }, + { + "name": "1018586", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018586" + }, + { + "name": "https://www.xfocus.net/bbs/index.php?act=ST&f=2&t=64639&page=1#entry321749", + "refsource": "MISC", + "url": "https://www.xfocus.net/bbs/index.php?act=ST&f=2&t=64639&page=1#entry321749" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4873.json b/2007/4xxx/CVE-2007-4873.json index 44728c0f67c..f768ab0a46c 100644 --- a/2007/4xxx/CVE-2007-4873.json +++ b/2007/4xxx/CVE-2007-4873.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4873", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SimpNews 2.41.03 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download arbitrary .inc files via a direct request, as demonstrated by admin/includes/dbtables.inc." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4873", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070925 SimpNews version 2.41.03 File Content Disclosure Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/480601/100/0/threaded" - }, - { - "name" : "20070925 SimpNews version 2.41.03 File Content Disclosure Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/066056.html" - }, - { - "name" : "http://www.netvigilance.com/advisory0069", - "refsource" : "MISC", - "url" : "http://www.netvigilance.com/advisory0069" - }, - { - "name" : "http://forum.boesch-it.de/viewtopic.php?t=2791", - "refsource" : "CONFIRM", - "url" : "http://forum.boesch-it.de/viewtopic.php?t=2791" - }, - { - "name" : "45479", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/45479" - }, - { - "name" : "3173", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3173" - }, - { - "name" : "simpnews-dbtables-information-disclosure(36778)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36778" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SimpNews 2.41.03 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download arbitrary .inc files via a direct request, as demonstrated by admin/includes/dbtables.inc." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "simpnews-dbtables-information-disclosure(36778)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36778" + }, + { + "name": "20070925 SimpNews version 2.41.03 File Content Disclosure Vulnerability", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/066056.html" + }, + { + "name": "http://forum.boesch-it.de/viewtopic.php?t=2791", + "refsource": "CONFIRM", + "url": "http://forum.boesch-it.de/viewtopic.php?t=2791" + }, + { + "name": "3173", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3173" + }, + { + "name": "45479", + "refsource": "OSVDB", + "url": "http://osvdb.org/45479" + }, + { + "name": "20070925 SimpNews version 2.41.03 File Content Disclosure Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/480601/100/0/threaded" + }, + { + "name": "http://www.netvigilance.com/advisory0069", + "refsource": "MISC", + "url": "http://www.netvigilance.com/advisory0069" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5286.json b/2014/5xxx/CVE-2014-5286.json index ac5e0944a2b..a12338ebece 100644 --- a/2014/5xxx/CVE-2014-5286.json +++ b/2014/5xxx/CVE-2014-5286.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5286", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ActiveMatrix Policy Manager Authentication module in TIBCO ActiveMatrix Policy Agent 3.x before 3.1.2, ActiveMatrix Policy Manager 3.x before 3.1.2, ActiveMatrix Management Agent 1.x before 1.2.1 for WCF, and ActiveMatrix Management Agent 1.x before 1.2.1 for WebSphere allows remote attackers to gain privileges and obtain sensitive information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5286", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.tibco.com/assets/blt1b18947cad32d1c4/2014-007-advisory.txt", - "refsource" : "CONFIRM", - "url" : "http://www.tibco.com/assets/blt1b18947cad32d1c4/2014-007-advisory.txt" - }, - { - "name" : "http://www.tibco.com/mk/advisory.jsp", - "refsource" : "CONFIRM", - "url" : "http://www.tibco.com/mk/advisory.jsp" - }, - { - "name" : "http://www.tibco.com/services/support/advisories/activematrix-advisory_20150218", - "refsource" : "CONFIRM", - "url" : "http://www.tibco.com/services/support/advisories/activematrix-advisory_20150218" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ActiveMatrix Policy Manager Authentication module in TIBCO ActiveMatrix Policy Agent 3.x before 3.1.2, ActiveMatrix Policy Manager 3.x before 3.1.2, ActiveMatrix Management Agent 1.x before 1.2.1 for WCF, and ActiveMatrix Management Agent 1.x before 1.2.1 for WebSphere allows remote attackers to gain privileges and obtain sensitive information via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.tibco.com/assets/blt1b18947cad32d1c4/2014-007-advisory.txt", + "refsource": "CONFIRM", + "url": "http://www.tibco.com/assets/blt1b18947cad32d1c4/2014-007-advisory.txt" + }, + { + "name": "http://www.tibco.com/mk/advisory.jsp", + "refsource": "CONFIRM", + "url": "http://www.tibco.com/mk/advisory.jsp" + }, + { + "name": "http://www.tibco.com/services/support/advisories/activematrix-advisory_20150218", + "refsource": "CONFIRM", + "url": "http://www.tibco.com/services/support/advisories/activematrix-advisory_20150218" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5441.json b/2014/5xxx/CVE-2014-5441.json index 8ce02142cfa..5bbdfc901b5 100644 --- a/2014/5xxx/CVE-2014-5441.json +++ b/2014/5xxx/CVE-2014-5441.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5441", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in app/views/layouts/application.html.haml in Fat Free CRM before 0.13.3 allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) first name, or (3) last name in a (a) create or (b) edit user action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5441", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/127978/Fatt-Free-CRM-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/127978/Fatt-Free-CRM-Cross-Site-Scripting.html" - }, - { - "name" : "https://github.com/fatfreecrm/fat_free_crm/commit/95464495f1e3e714d5c295fe621af5d2e0d4238d", - "refsource" : "CONFIRM", - "url" : "https://github.com/fatfreecrm/fat_free_crm/commit/95464495f1e3e714d5c295fe621af5d2e0d4238d" - }, - { - "name" : "https://github.com/fatfreecrm/fat_free_crm/wiki/XSS-vulnerability-%2826th-August-2014%29", - "refsource" : "CONFIRM", - "url" : "https://github.com/fatfreecrm/fat_free_crm/wiki/XSS-vulnerability-%2826th-August-2014%29" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in app/views/layouts/application.html.haml in Fat Free CRM before 0.13.3 allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) first name, or (3) last name in a (a) create or (b) edit user action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/fatfreecrm/fat_free_crm/wiki/XSS-vulnerability-%2826th-August-2014%29", + "refsource": "CONFIRM", + "url": "https://github.com/fatfreecrm/fat_free_crm/wiki/XSS-vulnerability-%2826th-August-2014%29" + }, + { + "name": "http://packetstormsecurity.com/files/127978/Fatt-Free-CRM-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127978/Fatt-Free-CRM-Cross-Site-Scripting.html" + }, + { + "name": "https://github.com/fatfreecrm/fat_free_crm/commit/95464495f1e3e714d5c295fe621af5d2e0d4238d", + "refsource": "CONFIRM", + "url": "https://github.com/fatfreecrm/fat_free_crm/commit/95464495f1e3e714d5c295fe621af5d2e0d4238d" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5653.json b/2014/5xxx/CVE-2014-5653.json index 51e2e10e52a..035fbef57ca 100644 --- a/2014/5xxx/CVE-2014-5653.json +++ b/2014/5xxx/CVE-2014-5653.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5653", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Unblock Me FREE (aka com.kiragames.unblockmefree) application 1.4.4.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5653", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#993545", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/993545" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Unblock Me FREE (aka com.kiragames.unblockmefree) application 1.4.4.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#993545", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/993545" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5771.json b/2014/5xxx/CVE-2014-5771.json index b499831cee6..74e2b6c50c1 100644 --- a/2014/5xxx/CVE-2014-5771.json +++ b/2014/5xxx/CVE-2014-5771.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5771", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Credit Union of Texas Mobile (aka Fi_Mobile.CUOT) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5771", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#498017", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/498017" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Credit Union of Texas Mobile (aka Fi_Mobile.CUOT) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#498017", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/498017" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2046.json b/2015/2xxx/CVE-2015-2046.json index 4d2cd305c16..9beabf05b47 100644 --- a/2015/2xxx/CVE-2015-2046.json +++ b/2015/2xxx/CVE-2015-2046.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2046", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in MantisBT 1.2.13 and later before 1.2.20." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2046", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150220 Re: CVE request: XSS in MantisBT", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/02/21/1" - }, - { - "name" : "[oss-security] 20150221 RE: CVE request: XSS in MantisBT", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/02/21/2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1191130", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1191130" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in MantisBT 1.2.13 and later before 1.2.20." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1191130", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191130" + }, + { + "name": "[oss-security] 20150221 RE: CVE request: XSS in MantisBT", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/02/21/2" + }, + { + "name": "[oss-security] 20150220 Re: CVE request: XSS in MantisBT", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/02/21/1" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2736.json b/2015/2xxx/CVE-2015-2736.json index 2ac5c99d178..0b97cc6d495 100644 --- a/2015/2xxx/CVE-2015-2736.json +++ b/2015/2xxx/CVE-2015-2736.json @@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2736", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The nsZipArchive::BuildFileList function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2015-2736", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-66.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-66.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1167888", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1167888" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" - }, - { - "name" : "DSA-3324", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3324" - }, - { - "name" : "DSA-3300", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3300" - }, - { - "name" : "GLSA-201512-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201512-10" - }, - { - "name" : "RHSA-2015:1455", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1455.html" - }, - { - "name" : "RHSA-2015:1207", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1207.html" - }, - { - "name" : "SUSE-SU-2015:1268", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html" - }, - { - "name" : "SUSE-SU-2015:1269", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html" - }, - { - "name" : "SUSE-SU-2015:1449", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html" - }, - { - "name" : "openSUSE-SU-2015:1266", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html" - }, - { - "name" : "openSUSE-SU-2015:1229", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html" - }, - { - "name" : "USN-2673-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2673-1" - }, - { - "name" : "USN-2656-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2656-1" - }, - { - "name" : "USN-2656-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2656-2" - }, - { - "name" : "75541", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75541" - }, - { - "name" : "1032783", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032783" - }, - { - "name" : "1032784", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032784" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The nsZipArchive::BuildFileList function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2015:1229", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html" + }, + { + "name": "RHSA-2015:1455", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1455.html" + }, + { + "name": "SUSE-SU-2015:1268", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html" + }, + { + "name": "GLSA-201512-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201512-10" + }, + { + "name": "75541", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75541" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "DSA-3324", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3324" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1167888", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1167888" + }, + { + "name": "USN-2673-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2673-1" + }, + { + "name": "1032784", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032784" + }, + { + "name": "RHSA-2015:1207", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1207.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-66.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-66.html" + }, + { + "name": "SUSE-SU-2015:1269", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html" + }, + { + "name": "openSUSE-SU-2015:1266", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html" + }, + { + "name": "USN-2656-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2656-1" + }, + { + "name": "SUSE-SU-2015:1449", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html" + }, + { + "name": "1032783", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032783" + }, + { + "name": "DSA-3300", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3300" + }, + { + "name": "USN-2656-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2656-2" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2948.json b/2015/2xxx/CVE-2015-2948.json index bf38df19925..147ea3d871f 100644 --- a/2015/2xxx/CVE-2015-2948.json +++ b/2015/2xxx/CVE-2015-2948.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2948", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the image processor in Zenphoto before 1.4.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2015-2948", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zenphoto.org/news/zenphoto-1.4.8", - "refsource" : "CONFIRM", - "url" : "http://www.zenphoto.org/news/zenphoto-1.4.8" - }, - { - "name" : "JVN#68452022", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN68452022/index.html" - }, - { - "name" : "JVNDB-2015-000070", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000070" - }, - { - "name" : "74895", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74895" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the image processor in Zenphoto before 1.4.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#68452022", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN68452022/index.html" + }, + { + "name": "http://www.zenphoto.org/news/zenphoto-1.4.8", + "refsource": "CONFIRM", + "url": "http://www.zenphoto.org/news/zenphoto-1.4.8" + }, + { + "name": "JVNDB-2015-000070", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000070" + }, + { + "name": "74895", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74895" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2981.json b/2015/2xxx/CVE-2015-2981.json index 11d7798a239..e22c6fcbda0 100644 --- a/2015/2xxx/CVE-2015-2981.json +++ b/2015/2xxx/CVE-2015-2981.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2981", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Yodobashi App for Android 1.2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2015-2981", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#29053368", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN29053368/index.html" - }, - { - "name" : "JVNDB-2015-000111", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000111.html" - }, - { - "name" : "76266", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76266" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Yodobashi App for Android 1.2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#29053368", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN29053368/index.html" + }, + { + "name": "76266", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76266" + }, + { + "name": "JVNDB-2015-000111", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000111.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6052.json b/2015/6xxx/CVE-2015-6052.json index 50d3c01bfdc..deccfb4f1e1 100644 --- a/2015/6xxx/CVE-2015-6052.json +++ b/2015/6xxx/CVE-2015-6052.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6052", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka \"VBScript and JScript ASLR Bypass.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-6052", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-106", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-106" - }, - { - "name" : "MS15-108", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-108" - }, - { - "name" : "1033800", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033800" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka \"VBScript and JScript ASLR Bypass.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS15-108", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-108" + }, + { + "name": "1033800", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033800" + }, + { + "name": "MS15-106", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-106" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6321.json b/2015/6xxx/CVE-2015-6321.json index 00fcf5b236a..88da34021e1 100644 --- a/2015/6xxx/CVE-2015-6321.json +++ b/2015/6xxx/CVE-2015-6321.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6321", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco AsyncOS before 8.5.7-042, 9.x before 9.1.0-032, 9.1.x before 9.1.1-023, and 9.5.x and 9.6.x before 9.6.0-042 on Email Security Appliance (ESA) devices; before 9.1.0-032, 9.1.1 before 9.1.1-005, and 9.5.x before 9.5.0-025 on Content Security Management Appliance (SMA) devices; and before 7.7.0-725 and 8.x before 8.0.8-113 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via a flood of TCP packets, aka Bug IDs CSCus79774, CSCus79777, and CSCzv95795." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-6321", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20151104 Cisco AsyncOS TCP Flood Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-aos" - }, - { - "name" : "1034060", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034060" - }, - { - "name" : "1034061", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034061" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco AsyncOS before 8.5.7-042, 9.x before 9.1.0-032, 9.1.x before 9.1.1-023, and 9.5.x and 9.6.x before 9.6.0-042 on Email Security Appliance (ESA) devices; before 9.1.0-032, 9.1.1 before 9.1.1-005, and 9.5.x before 9.5.0-025 on Content Security Management Appliance (SMA) devices; and before 7.7.0-725 and 8.x before 8.0.8-113 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via a flood of TCP packets, aka Bug IDs CSCus79774, CSCus79777, and CSCzv95795." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20151104 Cisco AsyncOS TCP Flood Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-aos" + }, + { + "name": "1034060", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034060" + }, + { + "name": "1034061", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034061" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6453.json b/2015/6xxx/CVE-2015-6453.json index c753ff2b0e8..2c8a4f7491e 100644 --- a/2015/6xxx/CVE-2015-6453.json +++ b/2015/6xxx/CVE-2015-6453.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6453", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-6453", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6538.json b/2015/6xxx/CVE-2015-6538.json index a9eb666fd4e..dd7dd2c6818 100644 --- a/2015/6xxx/CVE-2015-6538.json +++ b/2015/6xxx/CVE-2015-6538.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6538", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The login page in Epiphany Cardio Server 3.3, 4.0, and 4.1 mishandles authentication requests, which allows remote attackers to conduct LDAP injection attacks, and consequently bypass intended access restrictions, via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-6538", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.epiphanyhealthdata.com/blog/certresponse", - "refsource" : "CONFIRM", - "url" : "http://www.epiphanyhealthdata.com/blog/certresponse" - }, - { - "name" : "VU#630239", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/630239" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The login page in Epiphany Cardio Server 3.3, 4.0, and 4.1 mishandles authentication requests, which allows remote attackers to conduct LDAP injection attacks, and consequently bypass intended access restrictions, via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.epiphanyhealthdata.com/blog/certresponse", + "refsource": "CONFIRM", + "url": "http://www.epiphanyhealthdata.com/blog/certresponse" + }, + { + "name": "VU#630239", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/630239" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6787.json b/2015/6xxx/CVE-2015-6787.json index cde788e9de9..264e436d647 100644 --- a/2015/6xxx/CVE-2015-6787.json +++ b/2015/6xxx/CVE-2015-6787.json @@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6787", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Google Chrome before 47.0.2526.73 allow attackers to cause a denial of service or possibly have other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2015-6787", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "39162", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/39162/" - }, - { - "name" : "39163", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/39163/" - }, - { - "name" : "39165", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/39165/" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=525330", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=525330" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=526286", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=526286" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=526441", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=526441" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=529554", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=529554" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=534621", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=534621" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=537823", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=537823" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=540949", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=540949" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=545173", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=545173" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=551460", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=551460" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=551503", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=551503" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=552046", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=552046" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=554115", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=554115" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=554151", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=554151" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=563930", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=563930" - }, - { - "name" : "GLSA-201603-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-09" - }, - { - "name" : "openSUSE-SU-2015:2290", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.html" - }, - { - "name" : "openSUSE-SU-2015:2291", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.html" - }, - { - "name" : "USN-2825-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2825-1" - }, - { - "name" : "1034298", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034298" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Google Chrome before 47.0.2526.73 allow attackers to cause a denial of service or possibly have other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code.google.com/p/chromium/issues/detail?id=526286", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=526286" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=554151", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=554151" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=551503", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=551503" + }, + { + "name": "39163", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/39163/" + }, + { + "name": "39165", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/39165/" + }, + { + "name": "39162", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/39162/" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=552046", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=552046" + }, + { + "name": "USN-2825-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2825-1" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=526441", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=526441" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=525330", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=525330" + }, + { + "name": "openSUSE-SU-2015:2290", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=551460", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=551460" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=534621", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=534621" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=545173", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=545173" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=563930", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=563930" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=529554", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=529554" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=540949", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=540949" + }, + { + "name": "GLSA-201603-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-09" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=554115", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=554115" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=537823", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=537823" + }, + { + "name": "openSUSE-SU-2015:2291", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.html" + }, + { + "name": "1034298", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034298" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6923.json b/2015/6xxx/CVE-2015-6923.json index ff36138eace..a0b41f436fe 100644 --- a/2015/6xxx/CVE-2015-6923.json +++ b/2015/6xxx/CVE-2015-6923.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6923", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ndvbs module in VBox Communications Satellite Express Protocol 2.3.17.3 allows local users to write to arbitrary physical memory locations and gain privileges via a 0x00000ffd ioctl call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-6923", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150917 KL-001-2015-005 : VBox Satellite Express Arbitrary Write Privilege Escalation", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/536491/100/0/threaded" - }, - { - "name" : "38225", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/38225/" - }, - { - "name" : "20150917 KL-001-2015-005 : VBox Satellite Express Arbitrary Write Privilege Escalation", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Sep/72" - }, - { - "name" : "https://www.korelogic.com/Resources/Advisories/KL-001-2015-005.txt", - "refsource" : "MISC", - "url" : "https://www.korelogic.com/Resources/Advisories/KL-001-2015-005.txt" - }, - { - "name" : "http://packetstormsecurity.com/files/133620/VBox-Satellite-Express-Arbitrary-Write-Privilege-Escalation.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/133620/VBox-Satellite-Express-Arbitrary-Write-Privilege-Escalation.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ndvbs module in VBox Communications Satellite Express Protocol 2.3.17.3 allows local users to write to arbitrary physical memory locations and gain privileges via a 0x00000ffd ioctl call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150917 KL-001-2015-005 : VBox Satellite Express Arbitrary Write Privilege Escalation", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Sep/72" + }, + { + "name": "http://packetstormsecurity.com/files/133620/VBox-Satellite-Express-Arbitrary-Write-Privilege-Escalation.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/133620/VBox-Satellite-Express-Arbitrary-Write-Privilege-Escalation.html" + }, + { + "name": "38225", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/38225/" + }, + { + "name": "20150917 KL-001-2015-005 : VBox Satellite Express Arbitrary Write Privilege Escalation", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/536491/100/0/threaded" + }, + { + "name": "https://www.korelogic.com/Resources/Advisories/KL-001-2015-005.txt", + "refsource": "MISC", + "url": "https://www.korelogic.com/Resources/Advisories/KL-001-2015-005.txt" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7432.json b/2015/7xxx/CVE-2015-7432.json index c1a472c5796..b36993a9094 100644 --- a/2015/7xxx/CVE-2015-7432.json +++ b/2015/7xxx/CVE-2015-7432.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7432", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Capacity Management Analytics 2.1.0.0 allows local users to decrypt usernames and passwords by leveraging access to setenv.sh and parameter.txt. IBM X-Force ID: 107861." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-7432", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21974558", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21974558" - }, - { - "name" : "ibm-cma-cve20157432-info-disc(107861)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/107861" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Capacity Management Analytics 2.1.0.0 allows local users to decrypt usernames and passwords by leveraging access to setenv.sh and parameter.txt. IBM X-Force ID: 107861." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21974558", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974558" + }, + { + "name": "ibm-cma-cve20157432-info-disc(107861)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/107861" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7747.json b/2015/7xxx/CVE-2015-7747.json index 08ddcc83a85..5ac70bbbb39 100644 --- a/2015/7xxx/CVE-2015-7747.json +++ b/2015/7xxx/CVE-2015-7747.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7747", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-7747", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7826.json b/2015/7xxx/CVE-2015-7826.json index c724248891c..9638df8e988 100644 --- a/2015/7xxx/CVE-2015-7826.json +++ b/2015/7xxx/CVE-2015-7826.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7826", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "botan 1.11.x before 1.11.22 improperly handles wildcard matching against hostnames, which might allow remote attackers to have unspecified impact via a valid X.509 certificate, as demonstrated by accepting *.example.com as a match for bar.foo.example.com." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-7826", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://botan.randombit.net/security.html#id3", - "refsource" : "CONFIRM", - "url" : "https://botan.randombit.net/security.html#id3" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1311620", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1311620" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "botan 1.11.x before 1.11.22 improperly handles wildcard matching against hostnames, which might allow remote attackers to have unspecified impact via a valid X.509 certificate, as demonstrated by accepting *.example.com as a match for bar.foo.example.com." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1311620", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311620" + }, + { + "name": "https://botan.randombit.net/security.html#id3", + "refsource": "CONFIRM", + "url": "https://botan.randombit.net/security.html#id3" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7883.json b/2015/7xxx/CVE-2015-7883.json index 247f7fa0b1f..5efc43b4f81 100644 --- a/2015/7xxx/CVE-2015-7883.json +++ b/2015/7xxx/CVE-2015-7883.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7883", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-7883", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0431.json b/2016/0xxx/CVE-2016-0431.json index 065561c7c31..570b16f5ae7 100644 --- a/2016/0xxx/CVE-2016-0431.json +++ b/2016/0xxx/CVE-2016-0431.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0431", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2016-0419." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-0431", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" - }, - { - "name" : "1034735", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034735" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2016-0419." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" + }, + { + "name": "1034735", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034735" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0770.json b/2016/0xxx/CVE-2016-0770.json index aa20ada6983..be10ddb8a0a 100644 --- a/2016/0xxx/CVE-2016-0770.json +++ b/2016/0xxx/CVE-2016-0770.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-0770", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in includes/admin/pages/manage.php in the Connections Business Directory plugin before 8.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-0770", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160201 Wordpress plugin Reflected XSS in connections v8.5.8", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/02/02/1" - }, - { - "name" : "http://www.vapidlabs.com/advisory.php?v=161", - "refsource" : "MISC", - "url" : "http://www.vapidlabs.com/advisory.php?v=161" - }, - { - "name" : "https://wordpress.org/plugins/connections/changelog/", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/plugins/connections/changelog/" - }, - { - "name" : "82355", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/82355" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in includes/admin/pages/manage.php in the Connections Business Directory plugin before 8.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vapidlabs.com/advisory.php?v=161", + "refsource": "MISC", + "url": "http://www.vapidlabs.com/advisory.php?v=161" + }, + { + "name": "https://wordpress.org/plugins/connections/changelog/", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/connections/changelog/" + }, + { + "name": "[oss-security] 20160201 Wordpress plugin Reflected XSS in connections v8.5.8", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/02/02/1" + }, + { + "name": "82355", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/82355" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0878.json b/2016/0xxx/CVE-2016-0878.json index 8d0e1907f12..eade7518fa3 100644 --- a/2016/0xxx/CVE-2016-0878.json +++ b/2016/0xxx/CVE-2016-0878.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0878", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to cause a denial of service (cold start) by sending two crafted ping requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2016-0878", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-042-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-042-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to cause a denial of service (cold start) by sending two crafted ping requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-042-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-042-01" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0895.json b/2016/0xxx/CVE-2016-0895.json index 441bbb7b41b..1a8c79cb9fe 100644 --- a/2016/0xxx/CVE-2016-0895.json +++ b/2016/0xxx/CVE-2016-0895.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "ID" : "CVE-2016-0895", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to conduct clickjacking attacks via web-site elements with crafted transparency or opacity." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2016-0895", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160502 ESA-2016-041: RSA Data Loss Prevention Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2016/May/9" - }, - { - "name" : "http://packetstormsecurity.com/files/136888/RSA-Data-Loss-Prevention-XSS-Information-Disclosure.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/136888/RSA-Data-Loss-Prevention-XSS-Information-Disclosure.html" - }, - { - "name" : "1035714", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035714" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to conduct clickjacking attacks via web-site elements with crafted transparency or opacity." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20160502 ESA-2016-041: RSA Data Loss Prevention Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2016/May/9" + }, + { + "name": "1035714", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035714" + }, + { + "name": "http://packetstormsecurity.com/files/136888/RSA-Data-Loss-Prevention-XSS-Information-Disclosure.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/136888/RSA-Data-Loss-Prevention-XSS-Information-Disclosure.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/1000xxx/CVE-2016-1000164.json b/2016/1000xxx/CVE-2016-1000164.json index 8571908e164..0d9fc73f054 100644 --- a/2016/1000xxx/CVE-2016-1000164.json +++ b/2016/1000xxx/CVE-2016-1000164.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1000164", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-1000164", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10009.json b/2016/10xxx/CVE-2016-10009.json index c9c4c65a09e..c9fa980f471 100644 --- a/2016/10xxx/CVE-2016-10009.json +++ b/2016/10xxx/CVE-2016-10009.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10009", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10009", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40963", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40963/" - }, - { - "name" : "[oss-security] 20161219 Announce: OpenSSH 7.4 released", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/12/19/2" - }, - { - "name" : "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html" - }, - { - "name" : "http://packetstormsecurity.com/files/140261/OpenSSH-Arbitrary-Library-Loading.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/140261/OpenSSH-Arbitrary-Library-Loading.html" - }, - { - "name" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1009", - "refsource" : "MISC", - "url" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1009" - }, - { - "name" : "https://github.com/openbsd/src/commit/9476ce1dd37d3c3218d5640b74c34c65e5f4efe5", - "refsource" : "CONFIRM", - "url" : "https://github.com/openbsd/src/commit/9476ce1dd37d3c3218d5640b74c34c65e5f4efe5" - }, - { - "name" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637", - "refsource" : "CONFIRM", - "url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637" - }, - { - "name" : "https://www.openssh.com/txt/release-7.4", - "refsource" : "CONFIRM", - "url" : "https://www.openssh.com/txt/release-7.4" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20171130-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20171130-0002/" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03818en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03818en_us" - }, - { - "name" : "FreeBSD-SA-17:01", - "refsource" : "FREEBSD", - "url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:01.openssh.asc" - }, - { - "name" : "RHSA-2017:2029", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2029" - }, - { - "name" : "USN-3538-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3538-1/" - }, - { - "name" : "94968", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94968" - }, - { - "name" : "1037490", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037490" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/openbsd/src/commit/9476ce1dd37d3c3218d5640b74c34c65e5f4efe5", + "refsource": "CONFIRM", + "url": "https://github.com/openbsd/src/commit/9476ce1dd37d3c3218d5640b74c34c65e5f4efe5" + }, + { + "name": "40963", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40963/" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20171130-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20171130-0002/" + }, + { + "name": "94968", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94968" + }, + { + "name": "[oss-security] 20161219 Announce: OpenSSH 7.4 released", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/12/19/2" + }, + { + "name": "1037490", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037490" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03818en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03818en_us" + }, + { + "name": "FreeBSD-SA-17:01", + "refsource": "FREEBSD", + "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:01.openssh.asc" + }, + { + "name": "USN-3538-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3538-1/" + }, + { + "name": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637", + "refsource": "CONFIRM", + "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637" + }, + { + "name": "RHSA-2017:2029", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2029" + }, + { + "name": "http://packetstormsecurity.com/files/140261/OpenSSH-Arbitrary-Library-Loading.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/140261/OpenSSH-Arbitrary-Library-Loading.html" + }, + { + "name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html" + }, + { + "name": "https://www.openssh.com/txt/release-7.4", + "refsource": "CONFIRM", + "url": "https://www.openssh.com/txt/release-7.4" + }, + { + "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1009", + "refsource": "MISC", + "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1009" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10235.json b/2016/10xxx/CVE-2016-10235.json index b7211b08ff2..cd3db64d699 100644 --- a/2016/10xxx/CVE-2016-10235.json +++ b/2016/10xxx/CVE-2016-10235.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-04-03T00:00:00", - "ID" : "CVE-2016-10235", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A denial of service vulnerability in the Qualcomm WiFi driver. Product: Android. Versions: Android kernel. Android ID: A-34390620. References: QC-CR#1046409." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-04-03T00:00:00", + "ID": "CVE-2016-10235", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-04-01" - }, - { - "name" : "97361", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97361" - }, - { - "name" : "1038201", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038201" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A denial of service vulnerability in the Qualcomm WiFi driver. Product: Android. Versions: Android kernel. Android ID: A-34390620. References: QC-CR#1046409." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-04-01" + }, + { + "name": "97361", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97361" + }, + { + "name": "1038201", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038201" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10458.json b/2016/10xxx/CVE-2016-10458.json index 561696b9824..d2fb92e4315 100644 --- a/2016/10xxx/CVE-2016-10458.json +++ b/2016/10xxx/CVE-2016-10458.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2016-10458", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Mobile", - "version" : { - "version_data" : [ - { - "version_value" : "SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, SDX20, and Snapdragon_High_Med_2016, the 'proper' solution for this will be to ensure that any users of qsee_log in the bootchain (before Linux boots) unallocate their buffers and clear the qsee_log pointer. Until support for that is implemented in TZ and the bootloader, enable tz_log to avoid potential scribbling. This solution will prevent the linux kernel memory corruption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use of Uninitialized Variable in Core." - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2016-10458", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Mobile", + "version": { + "version_data": [ + { + "version_value": "SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, SDX20, and Snapdragon_High_Med_2016, the 'proper' solution for this will be to ensure that any users of qsee_log in the bootchain (before Linux boots) unallocate their buffers and clear the qsee_log pointer. Until support for that is implemented in TZ and the bootloader, enable tz_log to avoid potential scribbling. This solution will prevent the linux kernel memory corruption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use of Uninitialized Variable in Core." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1543.json b/2016/1xxx/CVE-2016-1543.json index f1b706d8ff9..fd64f0c5b2a 100644 --- a/2016/1xxx/CVE-2016-1543.json +++ b/2016/1xxx/CVE-2016-1543.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1543", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The RPC API in the RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and reset arbitrary user passwords by sending an action packet to xmlrpc after an authorization failure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-1543", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160328 BMC-2015-0011: Unauthorized password reset vulnerability in BMC Server Automation (BSA) (CVE-2016-1543)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/537910/100/0/threaded" - }, - { - "name" : "43902", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43902/" - }, - { - "name" : "43939", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43939/" - }, - { - "name" : "http://packetstormsecurity.com/files/136462/BMC-Server-Automation-BSA-RSCD-Agent-Unauthorized-Password-Reset.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/136462/BMC-Server-Automation-BSA-RSCD-Agent-Unauthorized-Password-Reset.html" - }, - { - "name" : "https://www.insinuator.net/2016/03/bmc-bladelogic-cve-2016-1542-and-cve-2016-1543/", - "refsource" : "MISC", - "url" : "https://www.insinuator.net/2016/03/bmc-bladelogic-cve-2016-1542-and-cve-2016-1543/" - }, - { - "name" : "https://selfservice.bmc.com/casemgmt/sc_KnowledgeArticle?sfdcid=kA214000000dBpnCAE&type=Solution", - "refsource" : "CONFIRM", - "url" : "https://selfservice.bmc.com/casemgmt/sc_KnowledgeArticle?sfdcid=kA214000000dBpnCAE&type=Solution" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The RPC API in the RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and reset arbitrary user passwords by sending an action packet to xmlrpc after an authorization failure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.insinuator.net/2016/03/bmc-bladelogic-cve-2016-1542-and-cve-2016-1543/", + "refsource": "MISC", + "url": "https://www.insinuator.net/2016/03/bmc-bladelogic-cve-2016-1542-and-cve-2016-1543/" + }, + { + "name": "20160328 BMC-2015-0011: Unauthorized password reset vulnerability in BMC Server Automation (BSA) (CVE-2016-1543)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/537910/100/0/threaded" + }, + { + "name": "43902", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43902/" + }, + { + "name": "43939", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43939/" + }, + { + "name": "http://packetstormsecurity.com/files/136462/BMC-Server-Automation-BSA-RSCD-Agent-Unauthorized-Password-Reset.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/136462/BMC-Server-Automation-BSA-RSCD-Agent-Unauthorized-Password-Reset.html" + }, + { + "name": "https://selfservice.bmc.com/casemgmt/sc_KnowledgeArticle?sfdcid=kA214000000dBpnCAE&type=Solution", + "refsource": "CONFIRM", + "url": "https://selfservice.bmc.com/casemgmt/sc_KnowledgeArticle?sfdcid=kA214000000dBpnCAE&type=Solution" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1621.json b/2016/1xxx/CVE-2016-1621.json index be6013d48b2..1538e8a9865 100644 --- a/2016/1xxx/CVE-2016-1621.json +++ b/2016/1xxx/CVE-2016-1621.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1621", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libvpx in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.0 before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to libwebm/mkvparser.cpp and other files, aka internal bug 23452792." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2016-1621", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-03-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-03-01.html" - }, - { - "name" : "https://android.googlesource.com/platform/external/libvpx/+/04839626ed859623901ebd3a5fd483982186b59d", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/external/libvpx/+/04839626ed859623901ebd3a5fd483982186b59d" - }, - { - "name" : "https://android.googlesource.com/platform/external/libvpx/+/5a9753fca56f0eeb9f61e342b2fccffc364f9426", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/external/libvpx/+/5a9753fca56f0eeb9f61e342b2fccffc364f9426" - }, - { - "name" : "https://android.googlesource.com/platform/frameworks/av/+/5a6788730acfc6fd8f4a6ef89d2c376572a26b55", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/frameworks/av/+/5a6788730acfc6fd8f4a6ef89d2c376572a26b55" - }, - { - "name" : "FEDORA-2016-fae59061fe", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179128.html" - }, - { - "name" : "GLSA-201603-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-09" - }, - { - "name" : "84239", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/84239" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libvpx in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.0 before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to libwebm/mkvparser.cpp and other files, aka internal bug 23452792." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://android.googlesource.com/platform/external/libvpx/+/04839626ed859623901ebd3a5fd483982186b59d", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/external/libvpx/+/04839626ed859623901ebd3a5fd483982186b59d" + }, + { + "name": "http://source.android.com/security/bulletin/2016-03-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-03-01.html" + }, + { + "name": "https://android.googlesource.com/platform/external/libvpx/+/5a9753fca56f0eeb9f61e342b2fccffc364f9426", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/external/libvpx/+/5a9753fca56f0eeb9f61e342b2fccffc364f9426" + }, + { + "name": "GLSA-201603-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-09" + }, + { + "name": "https://android.googlesource.com/platform/frameworks/av/+/5a6788730acfc6fd8f4a6ef89d2c376572a26b55", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/frameworks/av/+/5a6788730acfc6fd8f4a6ef89d2c376572a26b55" + }, + { + "name": "84239", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/84239" + }, + { + "name": "FEDORA-2016-fae59061fe", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179128.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4161.json b/2016/4xxx/CVE-2016-4161.json index 1bfe048585a..f91dc76850a 100644 --- a/2016/4xxx/CVE-2016-4161.json +++ b/2016/4xxx/CVE-2016-4161.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4161", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4160, CVE-2016-4162, and CVE-2016-4163." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-4161", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-15.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-15.html" - }, - { - "name" : "GLSA-201606-08", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201606-08" - }, - { - "name" : "RHSA-2016:1079", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1079.html" - }, - { - "name" : "90618", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/90618" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4160, CVE-2016-4162, and CVE-2016-4163." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201606-08", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201606-08" + }, + { + "name": "90618", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/90618" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-15.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-15.html" + }, + { + "name": "RHSA-2016:1079", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1079.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4365.json b/2016/4xxx/CVE-2016-4365.json index 4fa1870e5d0..93f0c869355 100644 --- a/2016/4xxx/CVE-2016-4365.json +++ b/2016/4xxx/CVE-2016-4365.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4365", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HPE Insight Control server deployment allows remote attackers to obtain sensitive information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-4365", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05150800", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05150800" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HPE Insight Control server deployment allows remote attackers to obtain sensitive information via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05150800", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05150800" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4401.json b/2016/4xxx/CVE-2016-4401.json index ed025c4a5f3..b17b17db6f0 100644 --- a/2016/4xxx/CVE-2016-4401.json +++ b/2016/4xxx/CVE-2016-4401.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4401", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-4401", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4545.json b/2016/4xxx/CVE-2016-4545.json index 2c3a24e1984..2c4cfb1cafb 100644 --- a/2016/4xxx/CVE-2016-4545.json +++ b/2016/4xxx/CVE-2016-4545.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4545", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Virtual servers in F5 BIG-IP 11.5.4, when SSL profiles are enabled, allow remote attackers to cause a denial of service (resource consumption and Traffic Management Microkernel restart) via an SSL alert during the handshake." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-4545", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.f5.com/kb/en-us/solutions/public/k/48/sol48042976.html", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/kb/en-us/solutions/public/k/48/sol48042976.html" - }, - { - "name" : "1036025", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036025" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Virtual servers in F5 BIG-IP 11.5.4, when SSL profiles are enabled, allow remote attackers to cause a denial of service (resource consumption and Traffic Management Microkernel restart) via an SSL alert during the handshake." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036025", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036025" + }, + { + "name": "https://support.f5.com/kb/en-us/solutions/public/k/48/sol48042976.html", + "refsource": "CONFIRM", + "url": "https://support.f5.com/kb/en-us/solutions/public/k/48/sol48042976.html" + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3007.json b/2019/3xxx/CVE-2019-3007.json index a687cb0602b..a5f6b6b79cd 100644 --- a/2019/3xxx/CVE-2019-3007.json +++ b/2019/3xxx/CVE-2019-3007.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3007", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3007", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3484.json b/2019/3xxx/CVE-2019-3484.json index 8816b1b178a..f010eb115e2 100644 --- a/2019/3xxx/CVE-2019-3484.json +++ b/2019/3xxx/CVE-2019-3484.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3484", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3484", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3727.json b/2019/3xxx/CVE-2019-3727.json index 1aa82db7a24..43746c19dbb 100644 --- a/2019/3xxx/CVE-2019-3727.json +++ b/2019/3xxx/CVE-2019-3727.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3727", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3727", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3845.json b/2019/3xxx/CVE-2019-3845.json index 6ee66ea3554..998b0b83815 100644 --- a/2019/3xxx/CVE-2019-3845.json +++ b/2019/3xxx/CVE-2019-3845.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3845", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3845", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4100.json b/2019/4xxx/CVE-2019-4100.json index 435353f022c..2b14cf958f8 100644 --- a/2019/4xxx/CVE-2019-4100.json +++ b/2019/4xxx/CVE-2019-4100.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4100", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4100", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4431.json b/2019/4xxx/CVE-2019-4431.json index bc2d52a5eeb..5077bfab577 100644 --- a/2019/4xxx/CVE-2019-4431.json +++ b/2019/4xxx/CVE-2019-4431.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4431", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4431", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4483.json b/2019/4xxx/CVE-2019-4483.json index b41b2131b94..889caa153bb 100644 --- a/2019/4xxx/CVE-2019-4483.json +++ b/2019/4xxx/CVE-2019-4483.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4483", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4483", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6032.json b/2019/6xxx/CVE-2019-6032.json index cf3591a8493..cf27f0383c8 100644 --- a/2019/6xxx/CVE-2019-6032.json +++ b/2019/6xxx/CVE-2019-6032.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6032", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6032", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6644.json b/2019/6xxx/CVE-2019-6644.json index fe96be7dc07..1d1f11ba1f4 100644 --- a/2019/6xxx/CVE-2019-6644.json +++ b/2019/6xxx/CVE-2019-6644.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6644", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6644", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7093.json b/2019/7xxx/CVE-2019-7093.json index b2c5e16d88c..98c0ead3eec 100644 --- a/2019/7xxx/CVE-2019-7093.json +++ b/2019/7xxx/CVE-2019-7093.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7093", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7093", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7430.json b/2019/7xxx/CVE-2019-7430.json index 3178f02ffc9..7eb1d096a77 100644 --- a/2019/7xxx/CVE-2019-7430.json +++ b/2019/7xxx/CVE-2019-7430.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7430", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7430", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7519.json b/2019/7xxx/CVE-2019-7519.json index d2bfe3253ef..9ef08a4c2d7 100644 --- a/2019/7xxx/CVE-2019-7519.json +++ b/2019/7xxx/CVE-2019-7519.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7519", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7519", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7673.json b/2019/7xxx/CVE-2019-7673.json index 1ad42a67de1..27a27bc04a6 100644 --- a/2019/7xxx/CVE-2019-7673.json +++ b/2019/7xxx/CVE-2019-7673.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7673", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. Administrator Credentials are stored in the 13-character DES hash format." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7673", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gist.github.com/llandeilocymro/7dbe3daaab6d058d609fd9a0b24301cb", - "refsource" : "MISC", - "url" : "https://gist.github.com/llandeilocymro/7dbe3daaab6d058d609fd9a0b24301cb" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. Administrator Credentials are stored in the 13-character DES hash format." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gist.github.com/llandeilocymro/7dbe3daaab6d058d609fd9a0b24301cb", + "refsource": "MISC", + "url": "https://gist.github.com/llandeilocymro/7dbe3daaab6d058d609fd9a0b24301cb" + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7842.json b/2019/7xxx/CVE-2019-7842.json index 002d2423cbb..2382c579ad2 100644 --- a/2019/7xxx/CVE-2019-7842.json +++ b/2019/7xxx/CVE-2019-7842.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7842", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7842", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8386.json b/2019/8xxx/CVE-2019-8386.json index a0b7ff3f227..5b69c81a268 100644 --- a/2019/8xxx/CVE-2019-8386.json +++ b/2019/8xxx/CVE-2019-8386.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8386", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8386", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8585.json b/2019/8xxx/CVE-2019-8585.json index 4fb08a4fec0..2c2523a176d 100644 --- a/2019/8xxx/CVE-2019-8585.json +++ b/2019/8xxx/CVE-2019-8585.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8585", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8585", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8777.json b/2019/8xxx/CVE-2019-8777.json index 8bf23d5c578..163aeb856bb 100644 --- a/2019/8xxx/CVE-2019-8777.json +++ b/2019/8xxx/CVE-2019-8777.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8777", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8777", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8953.json b/2019/8xxx/CVE-2019-8953.json index 4227bb4af23..2c09c3803f7 100644 --- a/2019/8xxx/CVE-2019-8953.json +++ b/2019/8xxx/CVE-2019-8953.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8953", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The HAProxy package before 0.59_16 for pfSense has XSS via the desc (aka Description) or table_actionsaclN parameter, related to haproxy_listeners.php and haproxy_listeners_edit.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8953", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "46538", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/46538/" - }, - { - "name" : "https://cxsecurity.com/issue/WLB-2019020153", - "refsource" : "MISC", - "url" : "https://cxsecurity.com/issue/WLB-2019020153" - }, - { - "name" : "https://github.com/pfsense/FreeBSD-ports/commit/2dded47b3202dfdf89aa96f84bf701b3d5acbe6c", - "refsource" : "MISC", - "url" : "https://github.com/pfsense/FreeBSD-ports/commit/2dded47b3202dfdf89aa96f84bf701b3d5acbe6c" - }, - { - "name" : "https://github.com/pfsense/FreeBSD-ports/commit/3b40366aca55910b224ecf49d3fdacc9ad6c04f5", - "refsource" : "MISC", - "url" : "https://github.com/pfsense/FreeBSD-ports/commit/3b40366aca55910b224ecf49d3fdacc9ad6c04f5" - }, - { - "name" : "https://redmine.pfsense.org/issues/9335", - "refsource" : "MISC", - "url" : "https://redmine.pfsense.org/issues/9335" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The HAProxy package before 0.59_16 for pfSense has XSS via the desc (aka Description) or table_actionsaclN parameter, related to haproxy_listeners.php and haproxy_listeners_edit.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://redmine.pfsense.org/issues/9335", + "refsource": "MISC", + "url": "https://redmine.pfsense.org/issues/9335" + }, + { + "name": "https://github.com/pfsense/FreeBSD-ports/commit/2dded47b3202dfdf89aa96f84bf701b3d5acbe6c", + "refsource": "MISC", + "url": "https://github.com/pfsense/FreeBSD-ports/commit/2dded47b3202dfdf89aa96f84bf701b3d5acbe6c" + }, + { + "name": "https://cxsecurity.com/issue/WLB-2019020153", + "refsource": "MISC", + "url": "https://cxsecurity.com/issue/WLB-2019020153" + }, + { + "name": "https://github.com/pfsense/FreeBSD-ports/commit/3b40366aca55910b224ecf49d3fdacc9ad6c04f5", + "refsource": "MISC", + "url": "https://github.com/pfsense/FreeBSD-ports/commit/3b40366aca55910b224ecf49d3fdacc9ad6c04f5" + }, + { + "name": "46538", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/46538/" + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9008.json b/2019/9xxx/CVE-2019-9008.json index 5296f62cc36..bfc26c22eb3 100644 --- a/2019/9xxx/CVE-2019-9008.json +++ b/2019/9xxx/CVE-2019-9008.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9008", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9008", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9323.json b/2019/9xxx/CVE-2019-9323.json index 8293efe8893..8e18f471191 100644 --- a/2019/9xxx/CVE-2019-9323.json +++ b/2019/9xxx/CVE-2019-9323.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9323", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9323", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9413.json b/2019/9xxx/CVE-2019-9413.json index b936d715017..2c60e748d92 100644 --- a/2019/9xxx/CVE-2019-9413.json +++ b/2019/9xxx/CVE-2019-9413.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9413", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9413", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file