diff --git a/2007/0xxx/CVE-2007-0019.json b/2007/0xxx/CVE-2007-0019.json index 399b50ae135..3c1c4c6cdce 100644 --- a/2007/0xxx/CVE-2007-0019.json +++ b/2007/0xxx/CVE-2007-0019.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0019", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple heap-based buffer overflows in rumpusd in Rumpus 5.1 and earlier (1) allow remote authenticated users to execute arbitrary code via a long LIST command and other unspecified requests to the FTP service, and (2) allow remote attackers to execute arbitrary code via unspecified requests to the HTTP service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0019", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://projects.info-pull.com/moab/MOAB-18-01-2007.html", - "refsource" : "MISC", - "url" : "http://projects.info-pull.com/moab/MOAB-18-01-2007.html" - }, - { - "name" : "32689", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/32689" - }, - { - "name" : "32692", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/32692" - }, - { - "name" : "23842", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23842" - }, - { - "name" : "rumpus-ftp-http-bo(31594)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31594" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple heap-based buffer overflows in rumpusd in Rumpus 5.1 and earlier (1) allow remote authenticated users to execute arbitrary code via a long LIST command and other unspecified requests to the FTP service, and (2) allow remote attackers to execute arbitrary code via unspecified requests to the HTTP service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://projects.info-pull.com/moab/MOAB-18-01-2007.html", + "refsource": "MISC", + "url": "http://projects.info-pull.com/moab/MOAB-18-01-2007.html" + }, + { + "name": "32689", + "refsource": "OSVDB", + "url": "http://osvdb.org/32689" + }, + { + "name": "32692", + "refsource": "OSVDB", + "url": "http://osvdb.org/32692" + }, + { + "name": "23842", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23842" + }, + { + "name": "rumpus-ftp-http-bo(31594)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31594" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0196.json b/2007/0xxx/CVE-2007-0196.json index ebdc97a07b5..d204a436481 100644 --- a/2007/0xxx/CVE-2007-0196.json +++ b/2007/0xxx/CVE-2007-0196.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0196", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in admin_check_user.asp in Motionborg Web Real Estate 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the username field (txtUserName parameter) and possibly other parameters. NOTE: some details were obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0196", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3105", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3105" - }, - { - "name" : "21963", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21963" - }, - { - "name" : "ADV-2007-0143", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0143" - }, - { - "name" : "32718", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/32718" - }, - { - "name" : "23531", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23531" - }, - { - "name" : "motionborg-admincheckuser-sql-injection(31360)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31360" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in admin_check_user.asp in Motionborg Web Real Estate 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the username field (txtUserName parameter) and possibly other parameters. NOTE: some details were obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23531", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23531" + }, + { + "name": "ADV-2007-0143", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0143" + }, + { + "name": "motionborg-admincheckuser-sql-injection(31360)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31360" + }, + { + "name": "3105", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3105" + }, + { + "name": "21963", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21963" + }, + { + "name": "32718", + "refsource": "OSVDB", + "url": "http://osvdb.org/32718" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0482.json b/2007/0xxx/CVE-2007-0482.json index ffe17de6101..5a25ec2e604 100644 --- a/2007/0xxx/CVE-2007-0482.json +++ b/2007/0xxx/CVE-2007-0482.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0482", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "cgi-bin/main in Sun Ray Server Software 2.0 and 3.0 before 20070123 allows local users to obtain the utadmin password by reading a web server's log file, or by conducting a different, unspecified local attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0482", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "102779", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102779-1" - }, - { - "name" : "22192", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22192" - }, - { - "name" : "ADV-2007-0316", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0316" - }, - { - "name" : "31671", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/31671" - }, - { - "name" : "1017547", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017547" - }, - { - "name" : "23900", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23900" - }, - { - "name" : "sunray-utadmin-information-disclosure(31700)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31700" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "cgi-bin/main in Sun Ray Server Software 2.0 and 3.0 before 20070123 allows local users to obtain the utadmin password by reading a web server's log file, or by conducting a different, unspecified local attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102779", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102779-1" + }, + { + "name": "23900", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23900" + }, + { + "name": "ADV-2007-0316", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0316" + }, + { + "name": "1017547", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017547" + }, + { + "name": "22192", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22192" + }, + { + "name": "sunray-utadmin-information-disclosure(31700)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31700" + }, + { + "name": "31671", + "refsource": "OSVDB", + "url": "http://osvdb.org/31671" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0862.json b/2007/0xxx/CVE-2007-0862.json index ea129281ac6..7a97b6d67ab 100644 --- a/2007/0xxx/CVE-2007-0862.json +++ b/2007/0xxx/CVE-2007-0862.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0862", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** PHP remote file inclusion vulnerability in index.php in gnopaste 0.5.3 and earlier allows remote attackers to execute arbitrary PHP code via the GNP_REAL_PATH parameter. NOTE: CVE and a third party dispute this issue, since GNP_REAL_PATH is a constant, not a variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0862", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070129 Re: gnopaste <= 0.5.3 (index.php) Remote File Include Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/458559/100/100/threaded" - }, - { - "name" : "20070129 gnopaste <= 0.5.3 (index.php) Remote File Include Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/458460/100/100/threaded" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** PHP remote file inclusion vulnerability in index.php in gnopaste 0.5.3 and earlier allows remote attackers to execute arbitrary PHP code via the GNP_REAL_PATH parameter. NOTE: CVE and a third party dispute this issue, since GNP_REAL_PATH is a constant, not a variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070129 Re: gnopaste <= 0.5.3 (index.php) Remote File Include Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/458559/100/100/threaded" + }, + { + "name": "20070129 gnopaste <= 0.5.3 (index.php) Remote File Include Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/458460/100/100/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0903.json b/2007/0xxx/CVE-2007-0903.json index 9970c2394c9..3d50fccf230 100644 --- a/2007/0xxx/CVE-2007-0903.json +++ b/2007/0xxx/CVE-2007-0903.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0903", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the mod_roster_odbc module in ejabberd before 1.1.3 has unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0903", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.process-one.net/en/ejabberd/release_notes/release_note_ejabberd_113/", - "refsource" : "CONFIRM", - "url" : "http://www.process-one.net/en/ejabberd/release_notes/release_note_ejabberd_113/" - }, - { - "name" : "22525", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22525" - }, - { - "name" : "ADV-2007-0570", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0570" - }, - { - "name" : "33179", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/33179" - }, - { - "name" : "24075", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24075" - }, - { - "name" : "ejabberd-modrosterodbc-unspecified(32437)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32437" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the mod_roster_odbc module in ejabberd before 1.1.3 has unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22525", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22525" + }, + { + "name": "http://www.process-one.net/en/ejabberd/release_notes/release_note_ejabberd_113/", + "refsource": "CONFIRM", + "url": "http://www.process-one.net/en/ejabberd/release_notes/release_note_ejabberd_113/" + }, + { + "name": "33179", + "refsource": "OSVDB", + "url": "http://osvdb.org/33179" + }, + { + "name": "ejabberd-modrosterodbc-unspecified(32437)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32437" + }, + { + "name": "24075", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24075" + }, + { + "name": "ADV-2007-0570", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0570" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1245.json b/2007/1xxx/CVE-2007-1245.json index fbef78255c0..1873e5f17a0 100644 --- a/2007/1xxx/CVE-2007-1245.json +++ b/2007/1xxx/CVE-2007-1245.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1245", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IrfanView 3.99 allows remote attackers to cause a denial of service (application crash) via a malformed WMF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1245", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070225 Few unreported vulnerabilities by SehaTo", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/461373/100/0/threaded" - }, - { - "name" : "http://securityvulns.com/Qdocument120.html", - "refsource" : "MISC", - "url" : "http://securityvulns.com/Qdocument120.html" - }, - { - "name" : "http://securityvulns.com/news/IrfanView/WMF/DoS.html", - "refsource" : "MISC", - "url" : "http://securityvulns.com/news/IrfanView/WMF/DoS.html" - }, - { - "name" : "34487", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34487" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IrfanView 3.99 allows remote attackers to cause a denial of service (application crash) via a malformed WMF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070225 Few unreported vulnerabilities by SehaTo", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/461373/100/0/threaded" + }, + { + "name": "34487", + "refsource": "OSVDB", + "url": "http://osvdb.org/34487" + }, + { + "name": "http://securityvulns.com/news/IrfanView/WMF/DoS.html", + "refsource": "MISC", + "url": "http://securityvulns.com/news/IrfanView/WMF/DoS.html" + }, + { + "name": "http://securityvulns.com/Qdocument120.html", + "refsource": "MISC", + "url": "http://securityvulns.com/Qdocument120.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3668.json b/2007/3xxx/CVE-2007-3668.json index f65a1491ce3..658dc29f7b4 100644 --- a/2007/3xxx/CVE-2007-3668.json +++ b/2007/3xxx/CVE-2007-3668.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3668", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in NMSDVDXU.DLL in NuMedia NMSDVDX allow remote attackers to cause a denial of service via \"improperly initialized\" (1) LoadSegmentWord, (2) PartitionType, (3) SectorCount, and (4) BootFilePath variables." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3668", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070707 [Eleytt] 7LIPIEC2007", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/473187" - }, - { - "name" : "24821", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24821" - }, - { - "name" : "43777", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/43777" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in NMSDVDXU.DLL in NuMedia NMSDVDX allow remote attackers to cause a denial of service via \"improperly initialized\" (1) LoadSegmentWord, (2) PartitionType, (3) SectorCount, and (4) BootFilePath variables." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43777", + "refsource": "OSVDB", + "url": "http://osvdb.org/43777" + }, + { + "name": "20070707 [Eleytt] 7LIPIEC2007", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/473187" + }, + { + "name": "24821", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24821" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3726.json b/2007/3xxx/CVE-2007-3726.json index 435893cbb62..4de7f9dc766 100644 --- a/2007/3xxx/CVE-2007-3726.json +++ b/2007/3xxx/CVE-2007-3726.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3726", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer signedness error in the SET_VALUE function in rarvm.cpp in unrar 3.70 beta 3, as used in products including WinRAR and RAR for OS X, allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive that causes a negative signed number to be cast to a large unsigned number." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3726", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070711 Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/473371/100/0/threaded" - }, - { - "name" : "20070711 RE: Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/473376/100/0/threaded" - }, - { - "name" : "20070711 Re: Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/473373/100/0/threaded" - }, - { - "name" : "20070731 FLEA-2007-0037-1 unrar", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/475155/30/5610/threaded" - }, - { - "name" : "39603", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39603" - }, - { - "name" : "2880", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2880" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer signedness error in the SET_VALUE function in rarvm.cpp in unrar 3.70 beta 3, as used in products including WinRAR and RAR for OS X, allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive that causes a negative signed number to be cast to a large unsigned number." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070711 RE: Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/473376/100/0/threaded" + }, + { + "name": "20070731 FLEA-2007-0037-1 unrar", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/475155/30/5610/threaded" + }, + { + "name": "39603", + "refsource": "OSVDB", + "url": "http://osvdb.org/39603" + }, + { + "name": "20070711 Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/473371/100/0/threaded" + }, + { + "name": "2880", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2880" + }, + { + "name": "20070711 Re: Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/473373/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4044.json b/2007/4xxx/CVE-2007-4044.json index f785f5419b2..aeeb1b56028 100644 --- a/2007/4xxx/CVE-2007-4044.json +++ b/2007/4xxx/CVE-2007-4044.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4044", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** The MS-RPC functionality in smbd in Samba 3 on SUSE Linux before 20070720 does not include \"one character in the shell escape handling.\" NOTE: this issue was originally characterized as a shell metacharacter issue due to an incomplete fix for CVE-2007-2447, which was interpreted by CVE to be security relevant. However, SUSE and Red Hat have disputed the problem, stating that the only impact is that scripts will not be executed if they have a \"c\" in their name, but even this limitation might not exist. This does not have security implications, so should not be included in CVE." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2007-4044", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** The MS-RPC functionality in smbd in Samba 3 on SUSE Linux before 20070720 does not include \"one character in the shell escape handling.\" NOTE: this issue was originally characterized as a shell metacharacter issue due to an incomplete fix for CVE-2007-2447, which was interpreted by CVE to be security relevant. However, SUSE and Red Hat have disputed the problem, stating that the only impact is that scripts will not be executed if they have a \"c\" in their name, but even this limitation might not exist. This does not have security implications, so should not be included in CVE." + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5408.json b/2014/5xxx/CVE-2014-5408.json index cddea0bda19..9e35dd0169d 100644 --- a/2014/5xxx/CVE-2014-5408.json +++ b/2014/5xxx/CVE-2014-5408.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5408", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the login script in the Wind Farm Portal on Nordex Control 2 (NC2) SCADA devices 15 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2014-5408", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-303-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-303-01" - }, - { - "name" : "70851", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70851" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the login script in the Wind Farm Portal on Nordex Control 2 (NC2) SCADA devices 15 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-303-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-303-01" + }, + { + "name": "70851", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70851" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5540.json b/2014/5xxx/CVE-2014-5540.json index ec43ae21208..60afb3c280b 100644 --- a/2014/5xxx/CVE-2014-5540.json +++ b/2014/5xxx/CVE-2014-5540.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5540", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Flick a Trade (aka air.com.cygnecode.fat) application 3.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5540", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#113105", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/113105" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Flick a Trade (aka air.com.cygnecode.fat) application 3.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#113105", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/113105" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5565.json b/2014/5xxx/CVE-2014-5565.json index 18bcbf45e78..a5ccace7e86 100644 --- a/2014/5xxx/CVE-2014-5565.json +++ b/2014/5xxx/CVE-2014-5565.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5565", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The GadgetTrak Mobile Security (aka com.activetrak.android.app) application 1.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5565", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#454809", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/454809" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The GadgetTrak Mobile Security (aka com.activetrak.android.app) application 1.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#454809", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/454809" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5706.json b/2014/5xxx/CVE-2014-5706.json index 5fa1690879b..8e5d876a7f8 100644 --- a/2014/5xxx/CVE-2014-5706.json +++ b/2014/5xxx/CVE-2014-5706.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5706", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SomNote - Journal/Memo (aka com.somcloud.somnote) application 2.1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5706", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#868409", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/868409" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SomNote - Journal/Memo (aka com.somcloud.somnote) application 2.1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#868409", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/868409" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2557.json b/2015/2xxx/CVE-2015-2557.json index 97584c40da4..fef35bacd43 100644 --- a/2015/2xxx/CVE-2015-2557.json +++ b/2015/2xxx/CVE-2015-2557.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2557", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Microsoft Visio 2007 SP3 and 2010 SP2 allows remote attackers to execute arbitrary code via crafted UML data in an Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-2557", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-519", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-519" - }, - { - "name" : "MS15-110", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110" - }, - { - "name" : "1033803", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033803" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Microsoft Visio 2007 SP3 and 2010 SP2 allows remote attackers to execute arbitrary code via crafted UML data in an Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS15-110", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-519", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-519" + }, + { + "name": "1033803", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033803" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2752.json b/2015/2xxx/CVE-2015-2752.json index 8bead3095f5..c5f03dcb242 100644 --- a/2015/2xxx/CVE-2015-2752.json +++ b/2015/2xxx/CVE-2015-2752.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2752", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The XEN_DOMCTL_memory_mapping hypercall in Xen 3.2.x through 4.5.x, when using a PCI passthrough device, is not preemptible, which allows local x86 HVM domain users to cause a denial of service (host CPU consumption) via a crafted request to the device model (qemu-dm)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2752", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://xenbits.xen.org/xsa/advisory-125.html", - "refsource" : "CONFIRM", - "url" : "http://xenbits.xen.org/xsa/advisory-125.html" - }, - { - "name" : "FEDORA-2015-5208", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154574.html" - }, - { - "name" : "FEDORA-2015-5402", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154579.html" - }, - { - "name" : "FEDORA-2015-5295", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155198.html" - }, - { - "name" : "GLSA-201504-04", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201504-04" - }, - { - "name" : "SUSE-SU-2015:0923", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.html" - }, - { - "name" : "openSUSE-SU-2015:0732", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html" - }, - { - "name" : "73448", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73448" - }, - { - "name" : "1031994", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031994" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The XEN_DOMCTL_memory_mapping hypercall in Xen 3.2.x through 4.5.x, when using a PCI passthrough device, is not preemptible, which allows local x86 HVM domain users to cause a denial of service (host CPU consumption) via a crafted request to the device model (qemu-dm)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031994", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031994" + }, + { + "name": "GLSA-201504-04", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201504-04" + }, + { + "name": "FEDORA-2015-5295", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155198.html" + }, + { + "name": "SUSE-SU-2015:0923", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.html" + }, + { + "name": "73448", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73448" + }, + { + "name": "FEDORA-2015-5208", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154574.html" + }, + { + "name": "http://xenbits.xen.org/xsa/advisory-125.html", + "refsource": "CONFIRM", + "url": "http://xenbits.xen.org/xsa/advisory-125.html" + }, + { + "name": "openSUSE-SU-2015:0732", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html" + }, + { + "name": "FEDORA-2015-5402", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154579.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6041.json b/2015/6xxx/CVE-2015-6041.json index a4ad102c80e..9e0a1ff569d 100644 --- a/2015/6xxx/CVE-2015-6041.json +++ b/2015/6xxx/CVE-2015-6041.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6041", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-6041", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6318.json b/2015/6xxx/CVE-2015-6318.json index a395925e31e..71a45e62106 100644 --- a/2015/6xxx/CVE-2015-6318.json +++ b/2015/6xxx/CVE-2015-6318.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6318", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 and X8.5.2 allows local users to write to arbitrary files via an unspecified symlink attack, aka Bug ID CSCuv11969." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-6318", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20151007 Cisco TelePresence Video Communication Server Expressway File Modification Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151007-vcs" - }, - { - "name" : "1033781", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033781" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 and X8.5.2 allows local users to write to arbitrary files via an unspecified symlink attack, aka Bug ID CSCuv11969." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033781", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033781" + }, + { + "name": "20151007 Cisco TelePresence Video Communication Server Expressway File Modification Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151007-vcs" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6544.json b/2015/6xxx/CVE-2015-6544.json index 0a94b48aecf..856a5a16480 100644 --- a/2015/6xxx/CVE-2015-6544.json +++ b/2015/6xxx/CVE-2015-6544.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6544", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in application/dashboard.class.inc.php in Combodo iTop before 2.2.0-2459 allows remote attackers to inject arbitrary web script or HTML via a dashboard title." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-6544", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.htbridge.com/advisory/HTB23268", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23268" - }, - { - "name" : "http://sourceforge.net/p/itop/code/3662/", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/p/itop/code/3662/" - }, - { - "name" : "http://sourceforge.net/p/itop/tickets/1114/", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/p/itop/tickets/1114/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in application/dashboard.class.inc.php in Combodo iTop before 2.2.0-2459 allows remote attackers to inject arbitrary web script or HTML via a dashboard title." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/p/itop/code/3662/", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/p/itop/code/3662/" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23268", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23268" + }, + { + "name": "http://sourceforge.net/p/itop/tickets/1114/", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/p/itop/tickets/1114/" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6685.json b/2015/6xxx/CVE-2015-6685.json index a52a40d5068..9ee845665d7 100644 --- a/2015/6xxx/CVE-2015-6685.json +++ b/2015/6xxx/CVE-2015-6685.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6685", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) by using the Format action for unspecified fields, a different vulnerability than CVE-2015-6686, CVE-2015-6693, CVE-2015-6694, CVE-2015-6695, and CVE-2015-7622." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-6685", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-467", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-467" - }, - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb15-24.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb15-24.html" - }, - { - "name" : "1033796", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033796" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) by using the Format action for unspecified fields, a different vulnerability than CVE-2015-6686, CVE-2015-6693, CVE-2015-6694, CVE-2015-6695, and CVE-2015-7622." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb15-24.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb15-24.html" + }, + { + "name": "1033796", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033796" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-467", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-467" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7178.json b/2015/7xxx/CVE-2015-7178.json index 543608f7efd..925c2316636 100644 --- a/2015/7xxx/CVE-2015-7178.json +++ b/2015/7xxx/CVE-2015-7178.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7178", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ProgramBinary::linkAttributes function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, mishandles shader access, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted (1) OpenGL or (2) WebGL content." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2015-7178", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-113.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-113.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1189860", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1189860" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "openSUSE-SU-2015:1658", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html" - }, - { - "name" : "openSUSE-SU-2015:1679", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00003.html" - }, - { - "name" : "openSUSE-SU-2015:1681", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html" - }, - { - "name" : "76816", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76816" - }, - { - "name" : "1033640", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033640" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ProgramBinary::linkAttributes function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, mishandles shader access, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted (1) OpenGL or (2) WebGL content." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2015:1681", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-113.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-113.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1189860", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1189860" + }, + { + "name": "1033640", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033640" + }, + { + "name": "76816", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76816" + }, + { + "name": "openSUSE-SU-2015:1679", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00003.html" + }, + { + "name": "openSUSE-SU-2015:1658", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7515.json b/2015/7xxx/CVE-2015-7515.json index 029af74d0fa..66ab646acb0 100644 --- a/2015/7xxx/CVE-2015-7515.json +++ b/2015/7xxx/CVE-2015-7515.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7515", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel before 4.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device that lacks endpoints." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-7515", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "39544", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/39544/" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8e20cf2bce122ce9262d6034ee5d5b76fbb92f96", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8e20cf2bce122ce9262d6034ee5d5b76fbb92f96" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1285326", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1285326" - }, - { - "name" : "https://github.com/torvalds/linux/commit/8e20cf2bce122ce9262d6034ee5d5b76fbb92f96", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/8e20cf2bce122ce9262d6034ee5d5b76fbb92f96" - }, - { - "name" : "https://security-tracker.debian.org/tracker/CVE-2015-7515", - "refsource" : "CONFIRM", - "url" : "https://security-tracker.debian.org/tracker/CVE-2015-7515" - }, - { - "name" : "DSA-3607", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3607" - }, - { - "name" : "SUSE-SU-2016:2074", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" - }, - { - "name" : "SUSE-SU-2016:0911", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" - }, - { - "name" : "SUSE-SU-2016:1102", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" - }, - { - "name" : "USN-2967-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2967-1" - }, - { - "name" : "USN-2967-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2967-2" - }, - { - "name" : "USN-2968-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2968-1" - }, - { - "name" : "USN-2968-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2968-2" - }, - { - "name" : "USN-2969-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2969-1" - }, - { - "name" : "USN-2970-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2970-1" - }, - { - "name" : "USN-2971-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2971-1" - }, - { - "name" : "USN-2971-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2971-2" - }, - { - "name" : "USN-2971-3", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2971-3" - }, - { - "name" : "84288", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/84288" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel before 4.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device that lacks endpoints." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2971-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2971-2" + }, + { + "name": "https://security-tracker.debian.org/tracker/CVE-2015-7515", + "refsource": "CONFIRM", + "url": "https://security-tracker.debian.org/tracker/CVE-2015-7515" + }, + { + "name": "USN-2967-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2967-1" + }, + { + "name": "84288", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/84288" + }, + { + "name": "USN-2970-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2970-1" + }, + { + "name": "USN-2969-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2969-1" + }, + { + "name": "USN-2967-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2967-2" + }, + { + "name": "USN-2968-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2968-1" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8e20cf2bce122ce9262d6034ee5d5b76fbb92f96", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8e20cf2bce122ce9262d6034ee5d5b76fbb92f96" + }, + { + "name": "USN-2971-3", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2971-3" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1285326", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1285326" + }, + { + "name": "DSA-3607", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3607" + }, + { + "name": "39544", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/39544/" + }, + { + "name": "USN-2971-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2971-1" + }, + { + "name": "SUSE-SU-2016:1102", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" + }, + { + "name": "USN-2968-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2968-2" + }, + { + "name": "SUSE-SU-2016:2074", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" + }, + { + "name": "https://github.com/torvalds/linux/commit/8e20cf2bce122ce9262d6034ee5d5b76fbb92f96", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/8e20cf2bce122ce9262d6034ee5d5b76fbb92f96" + }, + { + "name": "SUSE-SU-2016:0911", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7588.json b/2015/7xxx/CVE-2015-7588.json index caffa638639..14c26e7fc33 100644 --- a/2015/7xxx/CVE-2015-7588.json +++ b/2015/7xxx/CVE-2015-7588.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7588", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-7588", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0121.json b/2016/0xxx/CVE-2016-0121.json index 49d9cad8b26..51e1e313247 100644 --- a/2016/0xxx/CVE-2016-0121.json +++ b/2016/0xxx/CVE-2016-0121.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0121", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka \"OpenType Font Parsing Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-0121", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "39560", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/39560/" - }, - { - "name" : "MS16-026", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-026" - }, - { - "name" : "84027", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/84027" - }, - { - "name" : "1035198", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035198" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka \"OpenType Font Parsing Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39560", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/39560/" + }, + { + "name": "84027", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/84027" + }, + { + "name": "MS16-026", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-026" + }, + { + "name": "1035198", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035198" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0202.json b/2016/0xxx/CVE-2016-0202.json index 9b93f04d0d0..cf55937e639 100644 --- a/2016/0xxx/CVE-2016-0202.json +++ b/2016/0xxx/CVE-2016-0202.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-0202", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cloud Orchestrator", - "version" : { - "version_data" : [ - { - "version_value" : "2.2" - }, - { - "version_value" : "2.2.0.1" - }, - { - "version_value" : "2.3" - }, - { - "version_value" : "2.4" - }, - { - "version_value" : "2.3.0.1" - }, - { - "version_value" : "2.4.0.1" - }, - { - "version_value" : "2.4.0.2" - }, - { - "version_value" : "2.5" - }, - { - "version_value" : "2.5.0.1" - }, - { - "version_value" : "2.4.0.3" - }, - { - "version_value" : "2.5.0.2" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability has been identified in tasks, backend object generated for handling any action performed by the application in IBM Cloud Orchestrator. It is possible for an authenticated user to view any task of the current users domain." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-0202", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cloud Orchestrator", + "version": { + "version_data": [ + { + "version_value": "2.2" + }, + { + "version_value": "2.2.0.1" + }, + { + "version_value": "2.3" + }, + { + "version_value": "2.4" + }, + { + "version_value": "2.3.0.1" + }, + { + "version_value": "2.4.0.1" + }, + { + "version_value": "2.4.0.2" + }, + { + "version_value": "2.5" + }, + { + "version_value": "2.5.0.1" + }, + { + "version_value": "2.4.0.3" + }, + { + "version_value": "2.5.0.2" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg2C1000134", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg2C1000134" - }, - { - "name" : "94578", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94578" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in tasks, backend object generated for handling any action performed by the application in IBM Cloud Orchestrator. It is possible for an authenticated user to view any task of the current users domain." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94578", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94578" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg2C1000134", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000134" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0295.json b/2016/0xxx/CVE-2016-0295.json index e1e83fcd001..66f69e5334b 100644 --- a/2016/0xxx/CVE-2016-0295.json +++ b/2016/0xxx/CVE-2016-0295.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-0295", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the IBM BigFix Platform 9.0, 9.1, 9.2, and 9.5 before 9.5.2 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. IBM X-Force ID: 111363." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-0295", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21985830", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21985830" - }, - { - "name" : "ibm-mdm-cve20160295-csrf(111363)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/111363" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the IBM BigFix Platform 9.0, 9.1, 9.2, and 9.5 before 9.5.2 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. IBM X-Force ID: 111363." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21985830", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985830" + }, + { + "name": "ibm-mdm-cve20160295-csrf(111363)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/111363" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0395.json b/2016/0xxx/CVE-2016-0395.json index 7ec1a1c53e9..21cdfbaae13 100644 --- a/2016/0xxx/CVE-2016-0395.json +++ b/2016/0xxx/CVE-2016-0395.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0395", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-0395", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0809.json b/2016/0xxx/CVE-2016-0809.json index 60a81c08a3a..af9cdaf82ed 100644 --- a/2016/0xxx/CVE-2016-0809.json +++ b/2016/0xxx/CVE-2016-0809.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0809", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the wifi_cleanup function in bcmdhd/wifi_hal/wifi_hal.cpp in Wi-Fi in Android 6.x before 2016-02-01 allows attackers to gain privileges by leveraging access to the local physical environment during execution of a crafted application, aka internal bug 25753768." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-0809", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-02-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-02-01.html" - }, - { - "name" : "https://android.googlesource.com/platform/hardware/broadcom/wlan/+/2c5a4fac8bc8198f6a2635ede776f8de40a0c3e1", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/hardware/broadcom/wlan/+/2c5a4fac8bc8198f6a2635ede776f8de40a0c3e1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the wifi_cleanup function in bcmdhd/wifi_hal/wifi_hal.cpp in Wi-Fi in Android 6.x before 2016-02-01 allows attackers to gain privileges by leveraging access to the local physical environment during execution of a crafted application, aka internal bug 25753768." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://android.googlesource.com/platform/hardware/broadcom/wlan/+/2c5a4fac8bc8198f6a2635ede776f8de40a0c3e1", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/hardware/broadcom/wlan/+/2c5a4fac8bc8198f6a2635ede776f8de40a0c3e1" + }, + { + "name": "http://source.android.com/security/bulletin/2016-02-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-02-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0841.json b/2016/0xxx/CVE-2016-0841.json index 890c57784da..2d5d31a7b87 100644 --- a/2016/0xxx/CVE-2016-0841.json +++ b/2016/0xxx/CVE-2016-0841.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0841", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "media/libmedia/mediametadataretriever.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 mishandles cleared service binders, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26040840." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-0841", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-04-02.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-04-02.html" - }, - { - "name" : "https://android.googlesource.com/platform/frameworks/av/+/3097f364237fb552871f7639d37a7afa4563e252", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/frameworks/av/+/3097f364237fb552871f7639d37a7afa4563e252" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "media/libmedia/mediametadataretriever.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 mishandles cleared service binders, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26040840." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://android.googlesource.com/platform/frameworks/av/+/3097f364237fb552871f7639d37a7afa4563e252", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/frameworks/av/+/3097f364237fb552871f7639d37a7afa4563e252" + }, + { + "name": "http://source.android.com/security/bulletin/2016-04-02.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-04-02.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/1000xxx/CVE-2016-1000124.json b/2016/1000xxx/CVE-2016-1000124.json index 2ec9120f41a..1daea4e583e 100644 --- a/2016/1000xxx/CVE-2016-1000124.json +++ b/2016/1000xxx/CVE-2016-1000124.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1000124", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-1000124", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42597", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42597/" - }, - { - "name" : "http://huge-it.com/joomla-portfolio-gallery/", - "refsource" : "MISC", - "url" : "http://huge-it.com/joomla-portfolio-gallery/" - }, - { - "name" : "http://www.vapidlabs.com/advisory.php?v=170", - "refsource" : "MISC", - "url" : "http://www.vapidlabs.com/advisory.php?v=170" - }, - { - "name" : "93268", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93268" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42597", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42597/" + }, + { + "name": "http://www.vapidlabs.com/advisory.php?v=170", + "refsource": "MISC", + "url": "http://www.vapidlabs.com/advisory.php?v=170" + }, + { + "name": "http://huge-it.com/joomla-portfolio-gallery/", + "refsource": "MISC", + "url": "http://huge-it.com/joomla-portfolio-gallery/" + }, + { + "name": "93268", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93268" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10183.json b/2016/10xxx/CVE-2016-10183.json index 4a570e8eed1..b9c75176094 100644 --- a/2016/10xxx/CVE-2016-10183.json +++ b/2016/10xxx/CVE-2016-10183.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10183", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered on the D-Link DWR-932B router. qmiweb allows directory listing with ../ traversal." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10183", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html", - "refsource" : "MISC", - "url" : "https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html" - }, - { - "name" : "95877", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95877" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on the D-Link DWR-932B router. qmiweb allows directory listing with ../ traversal." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html", + "refsource": "MISC", + "url": "https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html" + }, + { + "name": "95877", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95877" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10353.json b/2016/10xxx/CVE-2016-10353.json index 063a1b5d24d..4c67a059d06 100644 --- a/2016/10xxx/CVE-2016-10353.json +++ b/2016/10xxx/CVE-2016-10353.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10353", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-10353", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10501.json b/2016/10xxx/CVE-2016-10501.json index 4a28fc59cf7..108daaa978c 100644 --- a/2016/10xxx/CVE-2016-10501.json +++ b/2016/10xxx/CVE-2016-10501.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2016-10501", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Mobile, Snapdragon Wear, Small Cell SoC", - "version" : { - "version_data" : [ - { - "version_value" : "FSM9055, MDM9206, MDM9607, MDM9635M, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 835" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile, Snapdragon Wear, and Small Cell SoC FSM9055, MDM9206, MDM9607, MDM9635M, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, and SD 835, improper input validation can occur while parsing an image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Input Validation in Core" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2016-10501", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Mobile, Snapdragon Wear, Small Cell SoC", + "version": { + "version_data": [ + { + "version_value": "FSM9055, MDM9206, MDM9607, MDM9635M, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 835" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile, Snapdragon Wear, and Small Cell SoC FSM9055, MDM9206, MDM9607, MDM9635M, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, and SD 835, improper input validation can occur while parsing an image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation in Core" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1708.json b/2016/1xxx/CVE-2016-1708.json index e20942800e3..72a7d0925ca 100644 --- a/2016/1xxx/CVE-2016-1708.json +++ b/2016/1xxx/CVE-2016-1708.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1708", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Chrome Web Store inline-installation implementation in the Extensions subsystem in Google Chrome before 52.0.2743.82 does not properly consider object lifetimes during progress observation, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2016-1708", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html" - }, - { - "name" : "https://codereview.chromium.org/2103663002", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/2103663002" - }, - { - "name" : "https://crbug.com/613949", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/613949" - }, - { - "name" : "DSA-3637", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3637" - }, - { - "name" : "RHSA-2016:1485", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1485.html" - }, - { - "name" : "openSUSE-SU-2016:1865", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html" - }, - { - "name" : "openSUSE-SU-2016:1868", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html" - }, - { - "name" : "openSUSE-SU-2016:1869", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html" - }, - { - "name" : "openSUSE-SU-2016:1918", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html" - }, - { - "name" : "92053", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92053" - }, - { - "name" : "1036428", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036428" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Chrome Web Store inline-installation implementation in the Extensions subsystem in Google Chrome before 52.0.2743.82 does not properly consider object lifetimes during progress observation, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2016:1868", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html" + }, + { + "name": "openSUSE-SU-2016:1869", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html" + }, + { + "name": "92053", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92053" + }, + { + "name": "http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html" + }, + { + "name": "https://crbug.com/613949", + "refsource": "CONFIRM", + "url": "https://crbug.com/613949" + }, + { + "name": "openSUSE-SU-2016:1918", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html" + }, + { + "name": "https://codereview.chromium.org/2103663002", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/2103663002" + }, + { + "name": "openSUSE-SU-2016:1865", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html" + }, + { + "name": "RHSA-2016:1485", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1485.html" + }, + { + "name": "1036428", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036428" + }, + { + "name": "DSA-3637", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3637" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4554.json b/2016/4xxx/CVE-2016-4554.json index 6bde5860d5a..937f6dfb760 100644 --- a/2016/4xxx/CVE-2016-4554.json +++ b/2016/4xxx/CVE-2016-4554.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4554", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a \"header smuggling\" issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-4554", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.squid-cache.org/Advisories/SQUID-2016_8.txt", - "refsource" : "CONFIRM", - "url" : "http://www.squid-cache.org/Advisories/SQUID-2016_8.txt" - }, - { - "name" : "http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID-2016_8.patch", - "refsource" : "CONFIRM", - "url" : "http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID-2016_8.patch" - }, - { - "name" : "http://www.squid-cache.org/Versions/v3/3.2/changesets/SQUID-2016_8.patch", - "refsource" : "CONFIRM", - "url" : "http://www.squid-cache.org/Versions/v3/3.2/changesets/SQUID-2016_8.patch" - }, - { - "name" : "http://www.squid-cache.org/Versions/v3/3.3/changesets/SQUID-2016_8.patch", - "refsource" : "CONFIRM", - "url" : "http://www.squid-cache.org/Versions/v3/3.3/changesets/SQUID-2016_8.patch" - }, - { - "name" : "http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_8.patch", - "refsource" : "CONFIRM", - "url" : "http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_8.patch" - }, - { - "name" : "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_8.patch", - "refsource" : "CONFIRM", - "url" : "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_8.patch" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" - }, - { - "name" : "DSA-3625", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3625" - }, - { - "name" : "GLSA-201607-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201607-01" - }, - { - "name" : "RHSA-2016:1138", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1138" - }, - { - "name" : "RHSA-2016:1139", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1139" - }, - { - "name" : "RHSA-2016:1140", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1140" - }, - { - "name" : "openSUSE-SU-2016:2081", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html" - }, - { - "name" : "SUSE-SU-2016:1996", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html" - }, - { - "name" : "SUSE-SU-2016:2089", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html" - }, - { - "name" : "USN-2995-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2995-1" - }, - { - "name" : "1035769", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035769" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a \"header smuggling\" issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201607-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201607-01" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" + }, + { + "name": "http://www.squid-cache.org/Versions/v3/3.3/changesets/SQUID-2016_8.patch", + "refsource": "CONFIRM", + "url": "http://www.squid-cache.org/Versions/v3/3.3/changesets/SQUID-2016_8.patch" + }, + { + "name": "http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_8.patch", + "refsource": "CONFIRM", + "url": "http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_8.patch" + }, + { + "name": "SUSE-SU-2016:1996", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html" + }, + { + "name": "http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID-2016_8.patch", + "refsource": "CONFIRM", + "url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID-2016_8.patch" + }, + { + "name": "USN-2995-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2995-1" + }, + { + "name": "1035769", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035769" + }, + { + "name": "http://www.squid-cache.org/Versions/v3/3.2/changesets/SQUID-2016_8.patch", + "refsource": "CONFIRM", + "url": "http://www.squid-cache.org/Versions/v3/3.2/changesets/SQUID-2016_8.patch" + }, + { + "name": "RHSA-2016:1140", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1140" + }, + { + "name": "openSUSE-SU-2016:2081", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html" + }, + { + "name": "RHSA-2016:1138", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1138" + }, + { + "name": "RHSA-2016:1139", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1139" + }, + { + "name": "http://www.squid-cache.org/Advisories/SQUID-2016_8.txt", + "refsource": "CONFIRM", + "url": "http://www.squid-cache.org/Advisories/SQUID-2016_8.txt" + }, + { + "name": "SUSE-SU-2016:2089", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html" + }, + { + "name": "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_8.patch", + "refsource": "CONFIRM", + "url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_8.patch" + }, + { + "name": "DSA-3625", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3625" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4644.json b/2016/4xxx/CVE-2016-4644.json index 4a4c3bd1d40..077f11e40c8 100644 --- a/2016/4xxx/CVE-2016-4644.json +++ b/2016/4xxx/CVE-2016-4644.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2016-4644", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a downgrade issue existed with HTTP authentication credentials saved in Keychain. This issue was addressed by storing the authentication types with the credentials." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-4644", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT206902", - "refsource" : "MISC", - "url" : "https://support.apple.com/HT206902" - }, - { - "name" : "https://support.apple.com/HT206903", - "refsource" : "MISC", - "url" : "https://support.apple.com/HT206903" - }, - { - "name" : "https://support.apple.com/HT206905", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT206905" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a downgrade issue existed with HTTP authentication credentials saved in Keychain. This issue was addressed by storing the authentication types with the credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT206902", + "refsource": "MISC", + "url": "https://support.apple.com/HT206902" + }, + { + "name": "https://support.apple.com/HT206903", + "refsource": "MISC", + "url": "https://support.apple.com/HT206903" + }, + { + "name": "https://support.apple.com/HT206905", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT206905" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4875.json b/2016/4xxx/CVE-2016-4875.json index 7a42cdd2bdc..d5688f2ceb8 100644 --- a/2016/4xxx/CVE-2016-4875.json +++ b/2016/4xxx/CVE-2016-4875.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4875", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the IVYWE (1) Assist plugin before 1.1.2.test20160906, (2) dataBox plugin before 0.0.0.20160906, and (3) userBox plugin before 0.0.0.20160906 for Geeklog allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2016-4875", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ivywe/geeklog-ivywe/commit/3cdb4ebca5746ff1e02b7e434d5722044d1d09d1", - "refsource" : "CONFIRM", - "url" : "https://github.com/ivywe/geeklog-ivywe/commit/3cdb4ebca5746ff1e02b7e434d5722044d1d09d1" - }, - { - "name" : "https://github.com/ivywe/geeklog-ivywe/commit/fe20a1bccdfec96125ab3d8dbee6ccbd0767c0be", - "refsource" : "CONFIRM", - "url" : "https://github.com/ivywe/geeklog-ivywe/commit/fe20a1bccdfec96125ab3d8dbee6ccbd0767c0be" - }, - { - "name" : "JVN#46087986", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN46087986/index.html" - }, - { - "name" : "JVNDB-2016-000167", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000167.html" - }, - { - "name" : "93123", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93123" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the IVYWE (1) Assist plugin before 1.1.2.test20160906, (2) dataBox plugin before 0.0.0.20160906, and (3) userBox plugin before 0.0.0.20160906 for Geeklog allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ivywe/geeklog-ivywe/commit/3cdb4ebca5746ff1e02b7e434d5722044d1d09d1", + "refsource": "CONFIRM", + "url": "https://github.com/ivywe/geeklog-ivywe/commit/3cdb4ebca5746ff1e02b7e434d5722044d1d09d1" + }, + { + "name": "JVNDB-2016-000167", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000167.html" + }, + { + "name": "JVN#46087986", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN46087986/index.html" + }, + { + "name": "https://github.com/ivywe/geeklog-ivywe/commit/fe20a1bccdfec96125ab3d8dbee6ccbd0767c0be", + "refsource": "CONFIRM", + "url": "https://github.com/ivywe/geeklog-ivywe/commit/fe20a1bccdfec96125ab3d8dbee6ccbd0767c0be" + }, + { + "name": "93123", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93123" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9567.json b/2016/9xxx/CVE-2016-9567.json index 6244ec248d2..ca8f30ff916 100644 --- a/2016/9xxx/CVE-2016-9567.json +++ b/2016/9xxx/CVE-2016-9567.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9567", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mDNIe system service on Samsung Mobile S7 devices with M(6.0) software does not properly restrict setmDNIeScreenCurtain API calls, enabling attackers to control a device's screen. This can be exploited via a crafted application to eavesdrop after phone shutdown or record a conversation. The Samsung ID is SVE-2016-6343." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9567", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://security.samsungmobile.com/smrupdate.html#SMR-NOV-2016", - "refsource" : "CONFIRM", - "url" : "http://security.samsungmobile.com/smrupdate.html#SMR-NOV-2016" - }, - { - "name" : "94494", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94494" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mDNIe system service on Samsung Mobile S7 devices with M(6.0) software does not properly restrict setmDNIeScreenCurtain API calls, enabling attackers to control a device's screen. This can be exploited via a crafted application to eavesdrop after phone shutdown or record a conversation. The Samsung ID is SVE-2016-6343." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94494", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94494" + }, + { + "name": "http://security.samsungmobile.com/smrupdate.html#SMR-NOV-2016", + "refsource": "CONFIRM", + "url": "http://security.samsungmobile.com/smrupdate.html#SMR-NOV-2016" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2062.json b/2019/2xxx/CVE-2019-2062.json index 3aadb7083eb..8bd33f8f54e 100644 --- a/2019/2xxx/CVE-2019-2062.json +++ b/2019/2xxx/CVE-2019-2062.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2062", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2062", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2482.json b/2019/2xxx/CVE-2019-2482.json index bcf0bf3af22..e66c37dd1f1 100644 --- a/2019/2xxx/CVE-2019-2482.json +++ b/2019/2xxx/CVE-2019-2482.json @@ -1,86 +1,86 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2019-2482", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "5.6.42 and prior" - }, - { - "version_affected" : "=", - "version_value" : "5.7.24 and prior" - }, - { - "version_affected" : "=", - "version_value" : "8.0.13 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: PS). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2019-2482", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.6.42 and prior" + }, + { + "version_affected": "=", + "version_value": "5.7.24 and prior" + }, + { + "version_affected": "=", + "version_value": "8.0.13 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20190118-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20190118-0002/" - }, - { - "name" : "USN-3867-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3867-1/" - }, - { - "name" : "106619", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106619" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: PS). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106619", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106619" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + }, + { + "name": "USN-3867-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3867-1/" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20190118-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20190118-0002/" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2888.json b/2019/2xxx/CVE-2019-2888.json index 4693fc422d7..d5740ee5752 100644 --- a/2019/2xxx/CVE-2019-2888.json +++ b/2019/2xxx/CVE-2019-2888.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2888", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2888", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3473.json b/2019/3xxx/CVE-2019-3473.json index 6edb7d03ff9..b72a88f3501 100644 --- a/2019/3xxx/CVE-2019-3473.json +++ b/2019/3xxx/CVE-2019-3473.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3473", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3473", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3489.json b/2019/3xxx/CVE-2019-3489.json index 5ff3c44f0d8..de3b62e9b22 100644 --- a/2019/3xxx/CVE-2019-3489.json +++ b/2019/3xxx/CVE-2019-3489.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3489", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3489", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3880.json b/2019/3xxx/CVE-2019-3880.json index 0c9c554818e..00ed001294e 100644 --- a/2019/3xxx/CVE-2019-3880.json +++ b/2019/3xxx/CVE-2019-3880.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3880", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3880", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3987.json b/2019/3xxx/CVE-2019-3987.json index 10331af4318..e1d4988bfe4 100644 --- a/2019/3xxx/CVE-2019-3987.json +++ b/2019/3xxx/CVE-2019-3987.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3987", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3987", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6057.json b/2019/6xxx/CVE-2019-6057.json index b74de22b3fb..7ef09a09433 100644 --- a/2019/6xxx/CVE-2019-6057.json +++ b/2019/6xxx/CVE-2019-6057.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6057", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6057", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6965.json b/2019/6xxx/CVE-2019-6965.json index 5bdb1d06dfa..7c5cb946298 100644 --- a/2019/6xxx/CVE-2019-6965.json +++ b/2019/6xxx/CVE-2019-6965.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6965", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6965", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7132.json b/2019/7xxx/CVE-2019-7132.json index 3d58b31147f..994a3e6db1d 100644 --- a/2019/7xxx/CVE-2019-7132.json +++ b/2019/7xxx/CVE-2019-7132.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7132", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7132", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7653.json b/2019/7xxx/CVE-2019-7653.json index 9e6d72899e2..3ec3045459c 100644 --- a/2019/7xxx/CVE-2019-7653.json +++ b/2019/7xxx/CVE-2019-7653.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7653", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code injection, because \"python -m\" looks in this directory, as demonstrated by rdf2dot. This issue is specific to use of the debian/scripts directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7653", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.debian.org/921751", - "refsource" : "MISC", - "url" : "https://bugs.debian.org/921751" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code injection, because \"python -m\" looks in this directory, as demonstrated by rdf2dot. This issue is specific to use of the debian/scripts directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.debian.org/921751", + "refsource": "MISC", + "url": "https://bugs.debian.org/921751" + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7683.json b/2019/7xxx/CVE-2019-7683.json index 4dbe1b3415b..01ab381c02b 100644 --- a/2019/7xxx/CVE-2019-7683.json +++ b/2019/7xxx/CVE-2019-7683.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7683", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7683", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8095.json b/2019/8xxx/CVE-2019-8095.json index 98008afb244..4ffccba7846 100644 --- a/2019/8xxx/CVE-2019-8095.json +++ b/2019/8xxx/CVE-2019-8095.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8095", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8095", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8156.json b/2019/8xxx/CVE-2019-8156.json index 99197797739..8f05dc44e71 100644 --- a/2019/8xxx/CVE-2019-8156.json +++ b/2019/8xxx/CVE-2019-8156.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8156", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8156", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8664.json b/2019/8xxx/CVE-2019-8664.json index bfe3bc2c1bb..026d30b6367 100644 --- a/2019/8xxx/CVE-2019-8664.json +++ b/2019/8xxx/CVE-2019-8664.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8664", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8664", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8908.json b/2019/8xxx/CVE-2019-8908.json index 1602883d640..3c22ccc908a 100644 --- a/2019/8xxx/CVE-2019-8908.json +++ b/2019/8xxx/CVE-2019-8908.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8908", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in WTCMS 1.0. It allows remote attackers to execute arbitrary PHP code by going to the \"Setting -> Mailbox configuration -> Registration email template\" screen, and uploading an image file, as demonstrated by a .php filename and the \"Content-Type: image/gif\" header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8908", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/taosir/wtcms/issues/3", - "refsource" : "MISC", - "url" : "https://github.com/taosir/wtcms/issues/3" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in WTCMS 1.0. It allows remote attackers to execute arbitrary PHP code by going to the \"Setting -> Mailbox configuration -> Registration email template\" screen, and uploading an image file, as demonstrated by a .php filename and the \"Content-Type: image/gif\" header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/taosir/wtcms/issues/3", + "refsource": "MISC", + "url": "https://github.com/taosir/wtcms/issues/3" + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9033.json b/2019/9xxx/CVE-2019-9033.json index 98d9f7bec5d..230323bd6ec 100644 --- a/2019/9xxx/CVE-2019-9033.json +++ b/2019/9xxx/CVE-2019-9033.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9033", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read for the \"Rank and Dimension\" feature in the function ReadNextCell() in mat5.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9033", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/TeamSeri0us/pocs/tree/master/matio", - "refsource" : "MISC", - "url" : "https://github.com/TeamSeri0us/pocs/tree/master/matio" - }, - { - "name" : "https://github.com/tbeu/matio/issues/103", - "refsource" : "MISC", - "url" : "https://github.com/tbeu/matio/issues/103" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read for the \"Rank and Dimension\" feature in the function ReadNextCell() in mat5.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/tbeu/matio/issues/103", + "refsource": "MISC", + "url": "https://github.com/tbeu/matio/issues/103" + }, + { + "name": "https://github.com/TeamSeri0us/pocs/tree/master/matio", + "refsource": "MISC", + "url": "https://github.com/TeamSeri0us/pocs/tree/master/matio" + } + ] + } +} \ No newline at end of file