diff --git a/2007/2xxx/CVE-2007-2611.json b/2007/2xxx/CVE-2007-2611.json index 6ce89736cf4..ea6b5387e9b 100644 --- a/2007/2xxx/CVE-2007-2611.json +++ b/2007/2xxx/CVE-2007-2611.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2611", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in CGX 20050314 allow remote attackers to execute arbitrary PHP code via a URL in the pathCGX parameter to (1) mtdialogo.php, (2) ltdialogo.php, (3) login.php, and (4) logingecon.php in inc/; and multiple unspecified files in frm/, sql/, and cns/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2611", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3874", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3874" - }, - { - "name" : "23880", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23880" - }, - { - "name" : "ADV-2007-1734", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1734" - }, - { - "name" : "35880", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35880" - }, - { - "name" : "35881", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35881" - }, - { - "name" : "35882", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35882" - }, - { - "name" : "35883", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35883" - }, - { - "name" : "35884", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35884" - }, - { - "name" : "35885", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35885" - }, - { - "name" : "35886", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35886" - }, - { - "name" : "25214", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25214" - }, - { - "name" : "cgx-pathcgx-file-include(34188)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34188" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in CGX 20050314 allow remote attackers to execute arbitrary PHP code via a URL in the pathCGX parameter to (1) mtdialogo.php, (2) ltdialogo.php, (3) login.php, and (4) logingecon.php in inc/; and multiple unspecified files in frm/, sql/, and cns/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35881", + "refsource": "OSVDB", + "url": "http://osvdb.org/35881" + }, + { + "name": "23880", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23880" + }, + { + "name": "35885", + "refsource": "OSVDB", + "url": "http://osvdb.org/35885" + }, + { + "name": "cgx-pathcgx-file-include(34188)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34188" + }, + { + "name": "25214", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25214" + }, + { + "name": "ADV-2007-1734", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1734" + }, + { + "name": "35886", + "refsource": "OSVDB", + "url": "http://osvdb.org/35886" + }, + { + "name": "3874", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3874" + }, + { + "name": "35884", + "refsource": "OSVDB", + "url": "http://osvdb.org/35884" + }, + { + "name": "35883", + "refsource": "OSVDB", + "url": "http://osvdb.org/35883" + }, + { + "name": "35880", + "refsource": "OSVDB", + "url": "http://osvdb.org/35880" + }, + { + "name": "35882", + "refsource": "OSVDB", + "url": "http://osvdb.org/35882" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3223.json b/2007/3xxx/CVE-2007-3223.json index 9d40ae02c7d..f020d1c7466 100644 --- a/2007/3xxx/CVE-2007-3223.json +++ b/2007/3xxx/CVE-2007-3223.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3223", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the NFS server in Sun Solaris 10 before 20070613 allows remote attackers to cause a denial of service (system crash) via certain XDR data in NFS requests, probably related to processing of data by the xdr_bool and xdrmblk_getint32 functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3223", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "102965", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102965-1" - }, - { - "name" : "24466", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24466" - }, - { - "name" : "ADV-2007-2190", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2190" - }, - { - "name" : "36592", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36592" - }, - { - "name" : "oval:org.mitre.oval:def:1092", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1092" - }, - { - "name" : "1018253", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018253" - }, - { - "name" : "25668", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25668" - }, - { - "name" : "solaris-nfs-xdr-dos(34857)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34857" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the NFS server in Sun Solaris 10 before 20070613 allows remote attackers to cause a denial of service (system crash) via certain XDR data in NFS requests, probably related to processing of data by the xdr_bool and xdrmblk_getint32 functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "solaris-nfs-xdr-dos(34857)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34857" + }, + { + "name": "25668", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25668" + }, + { + "name": "36592", + "refsource": "OSVDB", + "url": "http://osvdb.org/36592" + }, + { + "name": "1018253", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018253" + }, + { + "name": "ADV-2007-2190", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2190" + }, + { + "name": "oval:org.mitre.oval:def:1092", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1092" + }, + { + "name": "24466", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24466" + }, + { + "name": "102965", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102965-1" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3353.json b/2007/3xxx/CVE-2007-3353.json index 1d4c21d59bf..fd769ec3f78 100644 --- a/2007/3xxx/CVE-2007-3353.json +++ b/2007/3xxx/CVE-2007-3353.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3353", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** PHP remote file inclusion vulnerability in includes/template.php in MyEvent 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter. NOTE: a reliable third party disputes this issue, saying \"the entire file is a class.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3353", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070602 MyEvent1.6 (template.php) Remote File Inclusion Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=118080045229127&w=2" - }, - { - "name" : "20070602 Re:MyEvent1.6 (template.php) Remote File Inclusion Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/470348/100/200/threaded" - }, - { - "name" : "36230", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36230" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** PHP remote file inclusion vulnerability in includes/template.php in MyEvent 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter. NOTE: a reliable third party disputes this issue, saying \"the entire file is a class.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36230", + "refsource": "OSVDB", + "url": "http://osvdb.org/36230" + }, + { + "name": "20070602 MyEvent1.6 (template.php) Remote File Inclusion Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=118080045229127&w=2" + }, + { + "name": "20070602 Re:MyEvent1.6 (template.php) Remote File Inclusion Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/470348/100/200/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3372.json b/2007/3xxx/CVE-2007-3372.json index 0680f16c7e6..2ed06d549be 100644 --- a/2007/3xxx/CVE-2007-3372.json +++ b/2007/3xxx/CVE-2007-3372.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3372", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Avahi daemon in Avahi before 0.6.20 allows attackers to cause a denial of service (exit) via empty TXT data over D-Bus, which triggers an assert error." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3372", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070628 FLEA-2007-0030-1: avahi avahi-glib avahi-sharp", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/472443/100/0/threaded" - }, - { - "name" : "http://avahi.org/milestone/Avahi%200.6.20", - "refsource" : "CONFIRM", - "url" : "http://avahi.org/milestone/Avahi%200.6.20" - }, - { - "name" : "http://avahi.org/changeset/1482", - "refsource" : "CONFIRM", - "url" : "http://avahi.org/changeset/1482" - }, - { - "name" : "DSA-1690", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1690" - }, - { - "name" : "MDKSA-2007:185", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:185" - }, - { - "name" : "SUSE-SR:2007:014", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_14_sr.html" - }, - { - "name" : "USN-696-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-696-1" - }, - { - "name" : "24614", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24614" - }, - { - "name" : "37507", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37507" - }, - { - "name" : "ADV-2007-2317", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2317" - }, - { - "name" : "1018706", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018706" - }, - { - "name" : "25811", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25811" - }, - { - "name" : "26083", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26083" - }, - { - "name" : "26791", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26791" - }, - { - "name" : "33279", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33279" - }, - { - "name" : "33220", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33220" - }, - { - "name" : "avahi-assert-dos(35036)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35036" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Avahi daemon in Avahi before 0.6.20 allows attackers to cause a denial of service (exit) via empty TXT data over D-Bus, which triggers an assert error." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26083", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26083" + }, + { + "name": "33220", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33220" + }, + { + "name": "20070628 FLEA-2007-0030-1: avahi avahi-glib avahi-sharp", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/472443/100/0/threaded" + }, + { + "name": "1018706", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018706" + }, + { + "name": "33279", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33279" + }, + { + "name": "SUSE-SR:2007:014", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_14_sr.html" + }, + { + "name": "24614", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24614" + }, + { + "name": "ADV-2007-2317", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2317" + }, + { + "name": "37507", + "refsource": "OSVDB", + "url": "http://osvdb.org/37507" + }, + { + "name": "25811", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25811" + }, + { + "name": "MDKSA-2007:185", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:185" + }, + { + "name": "http://avahi.org/changeset/1482", + "refsource": "CONFIRM", + "url": "http://avahi.org/changeset/1482" + }, + { + "name": "USN-696-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-696-1" + }, + { + "name": "DSA-1690", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1690" + }, + { + "name": "26791", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26791" + }, + { + "name": "http://avahi.org/milestone/Avahi%200.6.20", + "refsource": "CONFIRM", + "url": "http://avahi.org/milestone/Avahi%200.6.20" + }, + { + "name": "avahi-assert-dos(35036)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35036" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3694.json b/2007/3xxx/CVE-2007-3694.json index f5a9bd5d074..e5dc3688718 100644 --- a/2007/3xxx/CVE-2007-3694.json +++ b/2007/3xxx/CVE-2007-3694.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3694", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in login.php in Miro Project Broadcast Machine 0.9.9.9 allows remote attackers to inject arbitrary web script or HTML via the username parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3694", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071112 CVE-2007-3694: Cross site scripting (XSS) in broadcast machine", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/483575/100/0/threaded" - }, - { - "name" : "http://www.int21.de/cve/CVE-2007-3694-bm.html", - "refsource" : "MISC", - "url" : "http://www.int21.de/cve/CVE-2007-3694-bm.html" - }, - { - "name" : "26407", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26407" - }, - { - "name" : "3363", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3363" - }, - { - "name" : "broadcast-machine-login-xss(38418)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38418" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in login.php in Miro Project Broadcast Machine 0.9.9.9 allows remote attackers to inject arbitrary web script or HTML via the username parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26407", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26407" + }, + { + "name": "20071112 CVE-2007-3694: Cross site scripting (XSS) in broadcast machine", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/483575/100/0/threaded" + }, + { + "name": "3363", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3363" + }, + { + "name": "http://www.int21.de/cve/CVE-2007-3694-bm.html", + "refsource": "MISC", + "url": "http://www.int21.de/cve/CVE-2007-3694-bm.html" + }, + { + "name": "broadcast-machine-login-xss(38418)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38418" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4176.json b/2007/4xxx/CVE-2007-4176.json index ab264b6d8ed..a6a344e6af1 100644 --- a/2007/4xxx/CVE-2007-4176.json +++ b/2007/4xxx/CVE-2007-4176.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4176", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in EQDKP Plus before 0.4.4.5 have unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4176", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=528450&group_id=167016", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=528450&group_id=167016" - }, - { - "name" : "25172", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25172" - }, - { - "name" : "26267", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26267" - }, - { - "name" : "eqdkpplus-multiple-unspecified(35763)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35763" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in EQDKP Plus before 0.4.4.5 have unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "eqdkpplus-multiple-unspecified(35763)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35763" + }, + { + "name": "26267", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26267" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=528450&group_id=167016", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=528450&group_id=167016" + }, + { + "name": "25172", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25172" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4200.json b/2007/4xxx/CVE-2007-4200.json index 145273b3af0..60977ebb48c 100644 --- a/2007/4xxx/CVE-2007-4200.json +++ b/2007/4xxx/CVE-2007-4200.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4200", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ntfs.c in fsstat in Brian Carrier The Sleuth Kit (TSK) before 2.09 interprets a certain variable as a byte count rather than a count of 32-bit integers, which allows user-assisted remote attackers to cause a denial of service (application crash) and prevent examination of certain NTFS files via a malformed NTFS image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4200", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070726 Re: Guidance Software response to iSEC report on EnCase", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/474809/100/0/threaded" - }, - { - "name" : "20070802 RE: Re: Guidance Software response to iSEC report on EnCase", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/475335/100/0/threaded" - }, - { - "name" : "[sleuthkit-announce] 20070614 TSK 2.09 Released and new Wiki", - "refsource" : "MLIST", - "url" : "http://sourceforge.net/mailarchive/message.php?msg_name=A19F11EF-13CA-4940-AFF3-9BE08F67EE22%40sleuthkit.org" - }, - { - "name" : "http://www.isecpartners.com/files/iSEC-Breaking_Forensics_Software-Paper.v1_1.BH2007.pdf", - "refsource" : "MISC", - "url" : "http://www.isecpartners.com/files/iSEC-Breaking_Forensics_Software-Paper.v1_1.BH2007.pdf" - }, - { - "name" : "25181", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25181" - }, - { - "name" : "46996", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/46996" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ntfs.c in fsstat in Brian Carrier The Sleuth Kit (TSK) before 2.09 interprets a certain variable as a byte count rather than a count of 32-bit integers, which allows user-assisted remote attackers to cause a denial of service (application crash) and prevent examination of certain NTFS files via a malformed NTFS image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070726 Re: Guidance Software response to iSEC report on EnCase", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/474809/100/0/threaded" + }, + { + "name": "25181", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25181" + }, + { + "name": "20070802 RE: Re: Guidance Software response to iSEC report on EnCase", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/475335/100/0/threaded" + }, + { + "name": "46996", + "refsource": "OSVDB", + "url": "http://osvdb.org/46996" + }, + { + "name": "[sleuthkit-announce] 20070614 TSK 2.09 Released and new Wiki", + "refsource": "MLIST", + "url": "http://sourceforge.net/mailarchive/message.php?msg_name=A19F11EF-13CA-4940-AFF3-9BE08F67EE22%40sleuthkit.org" + }, + { + "name": "http://www.isecpartners.com/files/iSEC-Breaking_Forensics_Software-Paper.v1_1.BH2007.pdf", + "refsource": "MISC", + "url": "http://www.isecpartners.com/files/iSEC-Breaking_Forensics_Software-Paper.v1_1.BH2007.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4512.json b/2007/4xxx/CVE-2007-4512.json index d8924e07e51..d2cfc752e12 100644 --- a/2007/4xxx/CVE-2007-4512.json +++ b/2007/4xxx/CVE-2007-4512.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4512", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Sophos Anti-Virus for Windows 6.x before 6.5.8 and 7.x before 7.0.1 allows remote attackers to inject arbitrary web script or HTML via an archive with a file that matches a virus signature and has a crafted filename that is not properly handled by the print function in SavMain.exe." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4512", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070906 Sophos Anti-Virus 6.5.4 Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/478708/100/0/threaded" - }, - { - "name" : "http://www.sophos.com/support/knowledgebase/article/29150.html", - "refsource" : "CONFIRM", - "url" : "http://www.sophos.com/support/knowledgebase/article/29150.html" - }, - { - "name" : "25572", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25572" - }, - { - "name" : "ADV-2007-3077", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3077" - }, - { - "name" : "37527", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37527" - }, - { - "name" : "26714", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26714" - }, - { - "name" : "3107", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3107" - }, - { - "name" : "sophos-zip-xss(36478)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36478" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Sophos Anti-Virus for Windows 6.x before 6.5.8 and 7.x before 7.0.1 allows remote attackers to inject arbitrary web script or HTML via an archive with a file that matches a virus signature and has a crafted filename that is not properly handled by the print function in SavMain.exe." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3107", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3107" + }, + { + "name": "ADV-2007-3077", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3077" + }, + { + "name": "http://www.sophos.com/support/knowledgebase/article/29150.html", + "refsource": "CONFIRM", + "url": "http://www.sophos.com/support/knowledgebase/article/29150.html" + }, + { + "name": "37527", + "refsource": "OSVDB", + "url": "http://osvdb.org/37527" + }, + { + "name": "26714", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26714" + }, + { + "name": "sophos-zip-xss(36478)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36478" + }, + { + "name": "20070906 Sophos Anti-Virus 6.5.4 Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/478708/100/0/threaded" + }, + { + "name": "25572", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25572" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4775.json b/2007/4xxx/CVE-2007-4775.json index c2f1dc01388..1800c668e96 100644 --- a/2007/4xxx/CVE-2007-4775.json +++ b/2007/4xxx/CVE-2007-4775.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4775", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4775", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6044.json b/2007/6xxx/CVE-2007-6044.json index cd63ef81274..3d2d415adf9 100644 --- a/2007/6xxx/CVE-2007-6044.json +++ b/2007/6xxx/CVE-2007-6044.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6044", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in IBM WebSphere MQ 6.0 have unknown impact and remote attack vectors involving \"memory corruption.\" NOTE: as of 20071116, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6044", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071114 Six Remote Memory Corruption Vulnerabilities in IBM WebSphere MQ 6.0", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/483708/100/0/threaded" - }, - { - "name" : "http://www.irmplc.com/index.php/111-Vendor-Alerts#IBM", - "refsource" : "MISC", - "url" : "http://www.irmplc.com/index.php/111-Vendor-Alerts#IBM" - }, - { - "name" : "26441", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26441" - }, - { - "name" : "45302", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/45302" - }, - { - "name" : "3381", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3381" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in IBM WebSphere MQ 6.0 have unknown impact and remote attack vectors involving \"memory corruption.\" NOTE: as of 20071116, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45302", + "refsource": "OSVDB", + "url": "http://osvdb.org/45302" + }, + { + "name": "26441", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26441" + }, + { + "name": "3381", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3381" + }, + { + "name": "http://www.irmplc.com/index.php/111-Vendor-Alerts#IBM", + "refsource": "MISC", + "url": "http://www.irmplc.com/index.php/111-Vendor-Alerts#IBM" + }, + { + "name": "20071114 Six Remote Memory Corruption Vulnerabilities in IBM WebSphere MQ 6.0", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/483708/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6240.json b/2007/6xxx/CVE-2007-6240.json index 81bbc47b53f..e21db07ccb5 100644 --- a/2007/6xxx/CVE-2007-6240.json +++ b/2007/6xxx/CVE-2007-6240.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6240", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in active.asp in Snitz Forums 2000 3.4.06 allows remote attackers to execute arbitrary SQL commands via the BuildTime parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6240", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071203 Snitz2000 SQL Injection: A user can gain admin level", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/484541/100/0/threaded" - }, - { - "name" : "4687", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4687" - }, - { - "name" : "26688", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26688" - }, - { - "name" : "39002", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39002" - }, - { - "name" : "27911", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27911" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in active.asp in Snitz Forums 2000 3.4.06 allows remote attackers to execute arbitrary SQL commands via the BuildTime parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39002", + "refsource": "OSVDB", + "url": "http://osvdb.org/39002" + }, + { + "name": "20071203 Snitz2000 SQL Injection: A user can gain admin level", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/484541/100/0/threaded" + }, + { + "name": "27911", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27911" + }, + { + "name": "26688", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26688" + }, + { + "name": "4687", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4687" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6582.json b/2007/6xxx/CVE-2007-6582.json index b67bad41adf..80fd2a02844 100644 --- a/2007/6xxx/CVE-2007-6582.json +++ b/2007/6xxx/CVE-2007-6582.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6582", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in mBlog 1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter in a page mode action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6582", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4766", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4766" - }, - { - "name" : "26989", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26989" - }, - { - "name" : "39620", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39620" - }, - { - "name" : "28242", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28242" - }, - { - "name" : "mblog-index-file-include(39234)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39234" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in index.php in mBlog 1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter in a page mode action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39620", + "refsource": "OSVDB", + "url": "http://osvdb.org/39620" + }, + { + "name": "28242", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28242" + }, + { + "name": "mblog-index-file-include(39234)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39234" + }, + { + "name": "26989", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26989" + }, + { + "name": "4766", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4766" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1150.json b/2010/1xxx/CVE-2010-1150.json index 9784c604597..5e3e9e4cffd 100644 --- a/2010/1xxx/CVE-2010-1150.json +++ b/2010/1xxx/CVE-2010-1150.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1150", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MediaWiki before 1.15.3, and 1.6.x before 1.16.0beta2, does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to conduct phishing attacks by arranging for a victim to login to the attacker's account and then execute a crafted user script, related to a \"login CSRF\" issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-1150", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[mediawiki-announce] 20100407 MediaWiki security update: 1.15.3 and 1.16.0beta2", - "refsource" : "MLIST", - "url" : "http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-April/000090.html" - }, - { - "name" : "[oss-security] 20100406 CVE Request: MediaWiki 1.15.3 -- Login CSRF", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/04/07/1" - }, - { - "name" : "[oss-security] 20100407 Re: CVE Request: MediaWiki 1.15.3 -- Login CSRF", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/04/08/4" - }, - { - "name" : "http://download.wikimedia.org/mediawiki/1.15/mediawiki-1.15.3.patch.gz", - "refsource" : "CONFIRM", - "url" : "http://download.wikimedia.org/mediawiki/1.15/mediawiki-1.15.3.patch.gz" - }, - { - "name" : "http://download.wikimedia.org/mediawiki/1.16/mediawiki-1.16.0beta2.patch.gz", - "refsource" : "CONFIRM", - "url" : "http://download.wikimedia.org/mediawiki/1.16/mediawiki-1.16.0beta2.patch.gz" - }, - { - "name" : "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_15_3/phase3/RELEASE-NOTES", - "refsource" : "CONFIRM", - "url" : "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_15_3/phase3/RELEASE-NOTES" - }, - { - "name" : "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_16_0beta2/phase3/RELEASE-NOTES", - "refsource" : "CONFIRM", - "url" : "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_16_0beta2/phase3/RELEASE-NOTES" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=580418", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=580418" - }, - { - "name" : "https://bugzilla.wikimedia.org/show_bug.cgi?id=23076", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.wikimedia.org/show_bug.cgi?id=23076" - }, - { - "name" : "DSA-2041", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2041" - }, - { - "name" : "ADV-2010-1055", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1055" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MediaWiki before 1.15.3, and 1.6.x before 1.16.0beta2, does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to conduct phishing attacks by arranging for a victim to login to the attacker's account and then execute a crafted user script, related to a \"login CSRF\" issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-1055", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1055" + }, + { + "name": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_16_0beta2/phase3/RELEASE-NOTES", + "refsource": "CONFIRM", + "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_16_0beta2/phase3/RELEASE-NOTES" + }, + { + "name": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_15_3/phase3/RELEASE-NOTES", + "refsource": "CONFIRM", + "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_15_3/phase3/RELEASE-NOTES" + }, + { + "name": "http://download.wikimedia.org/mediawiki/1.16/mediawiki-1.16.0beta2.patch.gz", + "refsource": "CONFIRM", + "url": "http://download.wikimedia.org/mediawiki/1.16/mediawiki-1.16.0beta2.patch.gz" + }, + { + "name": "[oss-security] 20100407 Re: CVE Request: MediaWiki 1.15.3 -- Login CSRF", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/04/08/4" + }, + { + "name": "http://download.wikimedia.org/mediawiki/1.15/mediawiki-1.15.3.patch.gz", + "refsource": "CONFIRM", + "url": "http://download.wikimedia.org/mediawiki/1.15/mediawiki-1.15.3.patch.gz" + }, + { + "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=23076", + "refsource": "CONFIRM", + "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=23076" + }, + { + "name": "[mediawiki-announce] 20100407 MediaWiki security update: 1.15.3 and 1.16.0beta2", + "refsource": "MLIST", + "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-April/000090.html" + }, + { + "name": "[oss-security] 20100406 CVE Request: MediaWiki 1.15.3 -- Login CSRF", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/04/07/1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=580418", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=580418" + }, + { + "name": "DSA-2041", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2041" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5045.json b/2010/5xxx/CVE-2010-5045.json index 94d5329f88a..13adbb92dd5 100644 --- a/2010/5xxx/CVE-2010-5045.json +++ b/2010/5xxx/CVE-2010-5045.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5045", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in poll/default.asp in Smart ASP Survey allows remote attackers to inject arbitrary web script or HTML via the catid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5045", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "13880", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/13880" - }, - { - "name" : "40870", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40870" - }, - { - "name" : "36028", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36028" - }, - { - "name" : "smartasp-default-xss(59473)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59473" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in poll/default.asp in Smart ASP Survey allows remote attackers to inject arbitrary web script or HTML via the catid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36028", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36028" + }, + { + "name": "13880", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/13880" + }, + { + "name": "smartasp-default-xss(59473)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59473" + }, + { + "name": "40870", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40870" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5122.json b/2010/5xxx/CVE-2010-5122.json index 920b40f3a90..77811b4c087 100644 --- a/2010/5xxx/CVE-2010-5122.json +++ b/2010/5xxx/CVE-2010-5122.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5122", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2010-5122", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0811.json b/2014/0xxx/CVE-2014-0811.json index e063c21630a..f790d0e2195 100644 --- a/2014/0xxx/CVE-2014-0811.json +++ b/2014/0xxx/CVE-2014-0811.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0811", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Blackboard Vista/CE 8.0 SP6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2014-0811", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#24730765", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN24730765/index.html" - }, - { - "name" : "JVNDB-2014-000012", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000012" - }, - { - "name" : "65742", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65742" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Blackboard Vista/CE 8.0 SP6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#24730765", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN24730765/index.html" + }, + { + "name": "65742", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65742" + }, + { + "name": "JVNDB-2014-000012", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000012" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1234.json b/2014/1xxx/CVE-2014-1234.json index 84fb4d40adb..d7378f754a1 100644 --- a/2014/1xxx/CVE-2014-1234.json +++ b/2014/1xxx/CVE-2014-1234.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1234", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The paratrooper-newrelic gem 1.0.1 for Ruby allows local users to obtain the X-Api-Key value by listing the curl process." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1234", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140107 Paratrooper-newrelic 1.0.1 Ruby Gem exposes API key", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/01/08/2" - }, - { - "name" : "http://www.vapid.dhs.org/advisories/paratrooper-newrelic-api.html", - "refsource" : "MISC", - "url" : "http://www.vapid.dhs.org/advisories/paratrooper-newrelic-api.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The paratrooper-newrelic gem 1.0.1 for Ruby allows local users to obtain the X-Api-Key value by listing the curl process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20140107 Paratrooper-newrelic 1.0.1 Ruby Gem exposes API key", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/01/08/2" + }, + { + "name": "http://www.vapid.dhs.org/advisories/paratrooper-newrelic-api.html", + "refsource": "MISC", + "url": "http://www.vapid.dhs.org/advisories/paratrooper-newrelic-api.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1545.json b/2014/1xxx/CVE-2014-1545.json index 949d3233900..2e6ab4ef709 100644 --- a/2014/1xxx/CVE-2014-1545.json +++ b/2014/1xxx/CVE-2014-1545.json @@ -1,192 +1,192 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1545", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via vectors involving the sprintf and console functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2014-1545", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2014/mfsa2014-55.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2014/mfsa2014-55.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1018783", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1018783" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1107432", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1107432" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761" - }, - { - "name" : "DSA-2955", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2955" - }, - { - "name" : "DSA-2960", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2960" - }, - { - "name" : "DSA-2962", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2962" - }, - { - "name" : "GLSA-201504-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201504-01" - }, - { - "name" : "openSUSE-SU-2014:0855", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-07/msg00001.html" - }, - { - "name" : "openSUSE-SU-2014:0858", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-07/msg00004.html" - }, - { - "name" : "SUSE-SU-2014:0824", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00023.html" - }, - { - "name" : "openSUSE-SU-2014:0797", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00019.html" - }, - { - "name" : "openSUSE-SU-2014:0819", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-06/msg00040.html" - }, - { - "name" : "USN-2265-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2265-1" - }, - { - "name" : "67975", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67975" - }, - { - "name" : "1030404", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030404" - }, - { - "name" : "58984", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58984" - }, - { - "name" : "59229", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59229" - }, - { - "name" : "59275", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59275" - }, - { - "name" : "59318", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59318" - }, - { - "name" : "59614", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59614" - }, - { - "name" : "59377", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59377" - }, - { - "name" : "59387", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59387" - }, - { - "name" : "59425", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59425" - }, - { - "name" : "59486", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59486" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via vectors involving the sprintf and console functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" + }, + { + "name": "59229", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59229" + }, + { + "name": "openSUSE-SU-2014:0819", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00040.html" + }, + { + "name": "SUSE-SU-2014:0824", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00023.html" + }, + { + "name": "59387", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59387" + }, + { + "name": "67975", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67975" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1018783", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1018783" + }, + { + "name": "DSA-2962", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2962" + }, + { + "name": "openSUSE-SU-2014:0855", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00001.html" + }, + { + "name": "openSUSE-SU-2014:0797", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00019.html" + }, + { + "name": "59614", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59614" + }, + { + "name": "GLSA-201504-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201504-01" + }, + { + "name": "1030404", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030404" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "openSUSE-SU-2014:0858", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00004.html" + }, + { + "name": "59377", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59377" + }, + { + "name": "http://www.mozilla.org/security/announce/2014/mfsa2014-55.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-55.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1107432", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1107432" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761" + }, + { + "name": "DSA-2960", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2960" + }, + { + "name": "DSA-2955", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2955" + }, + { + "name": "59318", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59318" + }, + { + "name": "58984", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58984" + }, + { + "name": "59425", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59425" + }, + { + "name": "59275", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59275" + }, + { + "name": "59486", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59486" + }, + { + "name": "USN-2265-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2265-1" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1599.json b/2014/1xxx/CVE-2014-1599.json index b18845cd835..e0d91e40149 100644 --- a/2014/1xxx/CVE-2014-1599.json +++ b/2014/1xxx/CVE-2014-1599.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1599", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the SFR Box router with firmware NB6-MAIN-R3.3.4 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) dns, (2) dhcp, (3) nat, (4) route, or (5) lan in network/; or (6) wifi/config." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1599", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140305 CVE-2014-1599 - 39 Type-1 XSS in SFR DSL/Fiber Box", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/531349/100/0/threaded" - }, - { - "name" : "65973", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65973" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the SFR Box router with firmware NB6-MAIN-R3.3.4 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) dns, (2) dhcp, (3) nat, (4) route, or (5) lan in network/; or (6) wifi/config." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "65973", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65973" + }, + { + "name": "20140305 CVE-2014-1599 - 39 Type-1 XSS in SFR DSL/Fiber Box", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/531349/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5094.json b/2014/5xxx/CVE-2014-5094.json index c450af20b1c..4a714cb59c8 100644 --- a/2014/5xxx/CVE-2014-5094.json +++ b/2014/5xxx/CVE-2014-5094.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5094", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Status2k allows remote attackers to obtain configuration information via a phpinfo action in a request to status/index.php, which calls the phpinfo function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5094", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html" - }, - { - "name" : "status2k-cve20145094-info-disc(95114)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95114" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Status2k allows remote attackers to obtain configuration information via a phpinfo action in a request to status/index.php, which calls the phpinfo function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html" + }, + { + "name": "status2k-cve20145094-info-disc(95114)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95114" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5422.json b/2014/5xxx/CVE-2014-5422.json index 937e6bec2cb..bf915d1bc70 100644 --- a/2014/5xxx/CVE-2014-5422.json +++ b/2014/5xxx/CVE-2014-5422.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5422", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 has a hardcoded service password, which makes it easier for remote attackers to obtain access via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2014-5422", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-288-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-288-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 has a hardcoded service password, which makes it easier for remote attackers to obtain access via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-288-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-288-01" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5723.json b/2014/5xxx/CVE-2014-5723.json index 2ad8261dcb4..f18dbd89020 100644 --- a/2014/5xxx/CVE-2014-5723.json +++ b/2014/5xxx/CVE-2014-5723.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5723", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Trapster (aka com.trapster.android) application 4.3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5723", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#797657", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/797657" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Trapster (aka com.trapster.android) application 4.3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#797657", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/797657" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2155.json b/2015/2xxx/CVE-2015-2155.json index 03eaa417de4..9bd9837dd89 100644 --- a/2015/2xxx/CVE-2015-2155.json +++ b/2015/2xxx/CVE-2015-2155.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2155", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The force printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2155", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150309 tcpdump 4.7.2 remote crashes", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534829/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/130730/tcpdump-Denial-Of-Service-Code-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/130730/tcpdump-Denial-Of-Service-Code-Execution.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1201798", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1201798" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2015-0114.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2015-0114.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" - }, - { - "name" : "DSA-3193", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3193" - }, - { - "name" : "FEDORA-2015-4939", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153834.html" - }, - { - "name" : "GLSA-201510-04", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201510-04" - }, - { - "name" : "MDVSA-2015:125", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:125" - }, - { - "name" : "MDVSA-2015:182", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:182" - }, - { - "name" : "RHSA-2017:1871", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1871" - }, - { - "name" : "openSUSE-SU-2015:0616", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-03/msg00084.html" - }, - { - "name" : "USN-2580-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2580-1" - }, - { - "name" : "73021", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73021" - }, - { - "name" : "1031937", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031937" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The force printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1201798", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1201798" + }, + { + "name": "73021", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73021" + }, + { + "name": "FEDORA-2015-4939", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153834.html" + }, + { + "name": "MDVSA-2015:125", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:125" + }, + { + "name": "http://packetstormsecurity.com/files/130730/tcpdump-Denial-Of-Service-Code-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/130730/tcpdump-Denial-Of-Service-Code-Execution.html" + }, + { + "name": "RHSA-2017:1871", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1871" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" + }, + { + "name": "1031937", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031937" + }, + { + "name": "GLSA-201510-04", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201510-04" + }, + { + "name": "http://advisories.mageia.org/MGASA-2015-0114.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2015-0114.html" + }, + { + "name": "USN-2580-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2580-1" + }, + { + "name": "20150309 tcpdump 4.7.2 remote crashes", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534829/100/0/threaded" + }, + { + "name": "openSUSE-SU-2015:0616", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00084.html" + }, + { + "name": "MDVSA-2015:182", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:182" + }, + { + "name": "DSA-3193", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3193" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2346.json b/2015/2xxx/CVE-2015-2346.json index ab42bf40240..73ca4c16d0e 100644 --- a/2015/2xxx/CVE-2015-2346.json +++ b/2015/2xxx/CVE-2015-2346.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2346", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XML external entity (XXE) vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote authenticated users to read arbitrary files via the req parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2346", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150415 Huawei SEQ Analyst - XML External Entity Injection (XXE)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Apr/42" - }, - { - "name" : "http://packetstormsecurity.com/files/131459/Huawei-SEQ-Analyst-XXE-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/131459/Huawei-SEQ-Analyst-XXE-Injection.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XML external entity (XXE) vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote authenticated users to read arbitrary files via the req parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150415 Huawei SEQ Analyst - XML External Entity Injection (XXE)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Apr/42" + }, + { + "name": "http://packetstormsecurity.com/files/131459/Huawei-SEQ-Analyst-XXE-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/131459/Huawei-SEQ-Analyst-XXE-Injection.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2562.json b/2015/2xxx/CVE-2015-2562.json index 8bd2307b277..a04d6c9e275 100644 --- a/2015/2xxx/CVE-2015-2562.json +++ b/2015/2xxx/CVE-2015-2562.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2562", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in the Web-Dorado ECommerce WD (com_ecommercewd) component 1.2.5 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) search_category_id, (2) sort_order, or (3) filter_manufacturer_ids in a displayproducts action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2562", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "36439", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/36439/" - }, - { - "name" : "20150319 Web-Dorado ECommerce-WD for Joomla plugin multiple unauthenticated SQL injections", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Mar/123" - }, - { - "name" : "http://packetstormsecurity.com/files/130896/Joomla-ECommerce-WD-1.2.5-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/130896/Joomla-ECommerce-WD-1.2.5-SQL-Injection.html" - }, - { - "name" : "73285", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73285" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in the Web-Dorado ECommerce WD (com_ecommercewd) component 1.2.5 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) search_category_id, (2) sort_order, or (3) filter_manufacturer_ids in a displayproducts action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36439", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/36439/" + }, + { + "name": "20150319 Web-Dorado ECommerce-WD for Joomla plugin multiple unauthenticated SQL injections", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Mar/123" + }, + { + "name": "http://packetstormsecurity.com/files/130896/Joomla-ECommerce-WD-1.2.5-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/130896/Joomla-ECommerce-WD-1.2.5-SQL-Injection.html" + }, + { + "name": "73285", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73285" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6201.json b/2015/6xxx/CVE-2015-6201.json index 5aa21562656..ac239267c25 100644 --- a/2015/6xxx/CVE-2015-6201.json +++ b/2015/6xxx/CVE-2015-6201.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6201", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-6201", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/1000xxx/CVE-2016-1000339.json b/2016/1000xxx/CVE-2016-1000339.json index 55e86e3e766..6c93d6b93a1 100644 --- a/2016/1000xxx/CVE-2016-1000339.json +++ b/2016/1000xxx/CVE-2016-1000339.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "ID" : "CVE-2016-1000339", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to the highly table driven approach used in the algorithm it turns out that if the data channel on the CPU can be monitored the lookup table accesses are sufficient to leak information on the AES key being used. There was also a leak in AESEngine although it was substantially less. AESEngine has been modified to remove any signs of leakage (testing carried out on Intel X86-64) and is now the primary AES class for the BC JCE provider from 1.56. Use of AESFastEngine is now only recommended where otherwise deemed appropriate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-1000339", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180707 [SECURITY] [DLA 1418-1] bouncycastle security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html" - }, - { - "name" : "https://github.com/bcgit/bc-java/commit/413b42f4d770456508585c830cfcde95f9b0e93b#diff-54656f860db94b867ba7542430cd2ef0", - "refsource" : "CONFIRM", - "url" : "https://github.com/bcgit/bc-java/commit/413b42f4d770456508585c830cfcde95f9b0e93b#diff-54656f860db94b867ba7542430cd2ef0" - }, - { - "name" : "https://github.com/bcgit/bc-java/commit/8a73f08931450c17c749af067b6a8185abdfd2c0#diff-494fb066bed02aeb76b6c005632943f2", - "refsource" : "CONFIRM", - "url" : "https://github.com/bcgit/bc-java/commit/8a73f08931450c17c749af067b6a8185abdfd2c0#diff-494fb066bed02aeb76b6c005632943f2" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20181127-0004/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20181127-0004/" - }, - { - "name" : "RHSA-2018:2669", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2669" - }, - { - "name" : "RHSA-2018:2927", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2927" - }, - { - "name" : "USN-3727-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3727-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to the highly table driven approach used in the algorithm it turns out that if the data channel on the CPU can be monitored the lookup table accesses are sufficient to leak information on the AES key being used. There was also a leak in AESEngine although it was substantially less. AESEngine has been modified to remove any signs of leakage (testing carried out on Intel X86-64) and is now the primary AES class for the BC JCE provider from 1.56. Use of AESFastEngine is now only recommended where otherwise deemed appropriate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20180707 [SECURITY] [DLA 1418-1] bouncycastle security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html" + }, + { + "name": "RHSA-2018:2669", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2669" + }, + { + "name": "https://github.com/bcgit/bc-java/commit/8a73f08931450c17c749af067b6a8185abdfd2c0#diff-494fb066bed02aeb76b6c005632943f2", + "refsource": "CONFIRM", + "url": "https://github.com/bcgit/bc-java/commit/8a73f08931450c17c749af067b6a8185abdfd2c0#diff-494fb066bed02aeb76b6c005632943f2" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20181127-0004/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20181127-0004/" + }, + { + "name": "USN-3727-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3727-1/" + }, + { + "name": "https://github.com/bcgit/bc-java/commit/413b42f4d770456508585c830cfcde95f9b0e93b#diff-54656f860db94b867ba7542430cd2ef0", + "refsource": "CONFIRM", + "url": "https://github.com/bcgit/bc-java/commit/413b42f4d770456508585c830cfcde95f9b0e93b#diff-54656f860db94b867ba7542430cd2ef0" + }, + { + "name": "RHSA-2018:2927", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2927" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10150.json b/2016/10xxx/CVE-2016-10150.json index 6870591ba2a..879c929cf91 100644 --- a/2016/10xxx/CVE-2016-10150.json +++ b/2016/10xxx/CVE-2016-10150.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10150", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the kvm_ioctl_create_device function in virt/kvm/kvm_main.c in the Linux kernel before 4.8.13 allows host OS users to cause a denial of service (host OS crash) or possibly gain privileges via crafted ioctl calls on the /dev/kvm device." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-10150", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170118 CVE request Kernel: kvm: use-after-free issue while creating devices", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/01/18/10" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a0f1d21c1ccb1da66629627a74059dd7f5ac9c61", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a0f1d21c1ccb1da66629627a74059dd7f5ac9c61" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.13", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.13" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1414506", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1414506" - }, - { - "name" : "https://github.com/torvalds/linux/commit/a0f1d21c1ccb1da66629627a74059dd7f5ac9c61", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/a0f1d21c1ccb1da66629627a74059dd7f5ac9c61" - }, - { - "name" : "95672", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95672" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the kvm_ioctl_create_device function in virt/kvm/kvm_main.c in the Linux kernel before 4.8.13 allows host OS users to cause a denial of service (host OS crash) or possibly gain privileges via crafted ioctl calls on the /dev/kvm device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.13", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.13" + }, + { + "name": "[oss-security] 20170118 CVE request Kernel: kvm: use-after-free issue while creating devices", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/01/18/10" + }, + { + "name": "https://github.com/torvalds/linux/commit/a0f1d21c1ccb1da66629627a74059dd7f5ac9c61", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/a0f1d21c1ccb1da66629627a74059dd7f5ac9c61" + }, + { + "name": "95672", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95672" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a0f1d21c1ccb1da66629627a74059dd7f5ac9c61", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a0f1d21c1ccb1da66629627a74059dd7f5ac9c61" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1414506", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414506" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10324.json b/2016/10xxx/CVE-2016-10324.json index 2743e581e2b..7690a42340a 100644 --- a/2016/10xxx/CVE-2016-10324.json +++ b/2016/10xxx/CVE-2016-10324.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10324", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_clrncpy() function defined in osipparser2/osip_port.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10324", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://savannah.gnu.org/support/index.php?109133", - "refsource" : "CONFIRM", - "url" : "https://savannah.gnu.org/support/index.php?109133" - }, - { - "name" : "DSA-3879", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3879" - }, - { - "name" : "97641", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97641" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_clrncpy() function defined in osipparser2/osip_port.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://savannah.gnu.org/support/index.php?109133", + "refsource": "CONFIRM", + "url": "https://savannah.gnu.org/support/index.php?109133" + }, + { + "name": "DSA-3879", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3879" + }, + { + "name": "97641", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97641" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4245.json b/2016/4xxx/CVE-2016-4245.json index 4e29950b1da..70cfdc182cb 100644 --- a/2016/4xxx/CVE-2016-4245.json +++ b/2016/4xxx/CVE-2016-4245.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4245", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, and CVE-2016-4246." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-4245", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-25.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-25.html" - }, - { - "name" : "GLSA-201607-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201607-03" - }, - { - "name" : "RHSA-2016:1423", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1423" - }, - { - "name" : "SUSE-SU-2016:1826", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00017.html" - }, - { - "name" : "openSUSE-SU-2016:1802", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00016.html" - }, - { - "name" : "91725", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91725" - }, - { - "name" : "1036280", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036280" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, and CVE-2016-4246." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2016:1826", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00017.html" + }, + { + "name": "GLSA-201607-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201607-03" + }, + { + "name": "openSUSE-SU-2016:1802", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00016.html" + }, + { + "name": "91725", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91725" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-25.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-25.html" + }, + { + "name": "RHSA-2016:1423", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1423" + }, + { + "name": "1036280", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036280" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4804.json b/2016/4xxx/CVE-2016-4804.json index 35babb8108a..946d3a8d906 100644 --- a/2016/4xxx/CVE-2016-4804.json +++ b/2016/4xxx/CVE-2016-4804.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4804", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The read_boot function in boot.c in dosfstools before 4.0 allows attackers to cause a denial of service (crash) via a crafted filesystem, which triggers a heap-based buffer overflow in the (1) read_fat function or an out-of-bounds heap read in (2) get_fat function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-4804", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.fuzzing-project.org/44-dosfstools-fsck.vfat-Several-invalid-memory-accesses.html", - "refsource" : "MISC", - "url" : "https://blog.fuzzing-project.org/44-dosfstools-fsck.vfat-Several-invalid-memory-accesses.html" - }, - { - "name" : "https://github.com/dosfstools/dosfstools/commit/e8eff147e9da1185f9afd5b25948153a3b97cf52", - "refsource" : "CONFIRM", - "url" : "https://github.com/dosfstools/dosfstools/commit/e8eff147e9da1185f9afd5b25948153a3b97cf52" - }, - { - "name" : "https://github.com/dosfstools/dosfstools/issues/25", - "refsource" : "CONFIRM", - "url" : "https://github.com/dosfstools/dosfstools/issues/25" - }, - { - "name" : "https://github.com/dosfstools/dosfstools/issues/26", - "refsource" : "CONFIRM", - "url" : "https://github.com/dosfstools/dosfstools/issues/26" - }, - { - "name" : "openSUSE-SU-2016:1461", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-06/msg00001.html" - }, - { - "name" : "openSUSE-SU-2016:2233", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-09/msg00014.html" - }, - { - "name" : "USN-2986-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2986-1" - }, - { - "name" : "90311", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/90311" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The read_boot function in boot.c in dosfstools before 4.0 allows attackers to cause a denial of service (crash) via a crafted filesystem, which triggers a heap-based buffer overflow in the (1) read_fat function or an out-of-bounds heap read in (2) get_fat function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2016:1461", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00001.html" + }, + { + "name": "https://github.com/dosfstools/dosfstools/issues/25", + "refsource": "CONFIRM", + "url": "https://github.com/dosfstools/dosfstools/issues/25" + }, + { + "name": "https://blog.fuzzing-project.org/44-dosfstools-fsck.vfat-Several-invalid-memory-accesses.html", + "refsource": "MISC", + "url": "https://blog.fuzzing-project.org/44-dosfstools-fsck.vfat-Several-invalid-memory-accesses.html" + }, + { + "name": "USN-2986-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2986-1" + }, + { + "name": "https://github.com/dosfstools/dosfstools/issues/26", + "refsource": "CONFIRM", + "url": "https://github.com/dosfstools/dosfstools/issues/26" + }, + { + "name": "openSUSE-SU-2016:2233", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00014.html" + }, + { + "name": "90311", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/90311" + }, + { + "name": "https://github.com/dosfstools/dosfstools/commit/e8eff147e9da1185f9afd5b25948153a3b97cf52", + "refsource": "CONFIRM", + "url": "https://github.com/dosfstools/dosfstools/commit/e8eff147e9da1185f9afd5b25948153a3b97cf52" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8127.json b/2016/8xxx/CVE-2016-8127.json index d19845c1b21..a4adf356ca8 100644 --- a/2016/8xxx/CVE-2016-8127.json +++ b/2016/8xxx/CVE-2016-8127.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8127", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8127", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8422.json b/2016/8xxx/CVE-2016-8422.json index 97b1f0c0047..b58a6b73762 100644 --- a/2016/8xxx/CVE-2016-8422.json +++ b/2016/8xxx/CVE-2016-8422.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-8422", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-31471220. References: QC-CR#979426." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-8422", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-01-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-01-01.html" - }, - { - "name" : "95241", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95241" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-31471220. References: QC-CR#979426." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-01-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-01-01.html" + }, + { + "name": "95241", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95241" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8580.json b/2016/8xxx/CVE-2016-8580.json index e700c6e8037..41e5b028554 100644 --- a/2016/8xxx/CVE-2016-8580.json +++ b/2016/8xxx/CVE-2016-8580.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8580", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP object injection vulnerabilities exist in multiple widget files in AlienVault OSSIM and USM before 5.3.2. These vulnerabilities allow arbitrary PHP code execution via magic methods in included classes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8580", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40682", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40682/" - }, - { - "name" : "https://www.alienvault.com/forums/discussion/7766/security-advisory-alienvault-5-3-2-address-70-vulnerabilities", - "refsource" : "CONFIRM", - "url" : "https://www.alienvault.com/forums/discussion/7766/security-advisory-alienvault-5-3-2-address-70-vulnerabilities" - }, - { - "name" : "93864", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93864" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP object injection vulnerabilities exist in multiple widget files in AlienVault OSSIM and USM before 5.3.2. These vulnerabilities allow arbitrary PHP code execution via magic methods in included classes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.alienvault.com/forums/discussion/7766/security-advisory-alienvault-5-3-2-address-70-vulnerabilities", + "refsource": "CONFIRM", + "url": "https://www.alienvault.com/forums/discussion/7766/security-advisory-alienvault-5-3-2-address-70-vulnerabilities" + }, + { + "name": "40682", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40682/" + }, + { + "name": "93864", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93864" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8974.json b/2016/8xxx/CVE-2016-8974.json index 50d9b9c251c..d4fc83922cb 100644 --- a/2016/8xxx/CVE-2016-8974.json +++ b/2016/8xxx/CVE-2016-8974.json @@ -1,110 +1,110 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-8974", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rational Rhapsody Design Manager", - "version" : { - "version_data" : [ - { - "version_value" : "4.0.2" - }, - { - "version_value" : "3.0" - }, - { - "version_value" : "3.0.0.1" - }, - { - "version_value" : "4.0" - }, - { - "version_value" : "4.0.1" - }, - { - "version_value" : "4.0.3" - }, - { - "version_value" : "4.0.4" - }, - { - "version_value" : "4.0.5" - }, - { - "version_value" : "4.0.6" - }, - { - "version_value" : "5.0" - }, - { - "version_value" : "3" - }, - { - "version_value" : "4.0.7" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Rhapsody DM 4.0, 5.0 and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997798." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-8974", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rational Rhapsody Design Manager", + "version": { + "version_data": [ + { + "version_value": "4.0.2" + }, + { + "version_value": "3.0" + }, + { + "version_value": "3.0.0.1" + }, + { + "version_value": "4.0" + }, + { + "version_value": "4.0.1" + }, + { + "version_value": "4.0.3" + }, + { + "version_value": "4.0.4" + }, + { + "version_value": "4.0.5" + }, + { + "version_value": "4.0.6" + }, + { + "version_value": "5.0" + }, + { + "version_value": "3" + }, + { + "version_value": "4.0.7" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21997798", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21997798" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Rhapsody DM 4.0, 5.0 and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997798." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21997798", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21997798" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9302.json b/2016/9xxx/CVE-2016-9302.json index 49b0611bfbb..819c240a6c0 100644 --- a/2016/9xxx/CVE-2016-9302.json +++ b/2016/9xxx/CVE-2016-9302.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9302", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-9302", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9501.json b/2016/9xxx/CVE-2016-9501.json index fb079b195f4..66172c90602 100644 --- a/2016/9xxx/CVE-2016-9501.json +++ b/2016/9xxx/CVE-2016-9501.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9501", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-9501", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9685.json b/2016/9xxx/CVE-2016-9685.json index eb693c43066..41a042eace1 100644 --- a/2016/9xxx/CVE-2016-9685.json +++ b/2016/9xxx/CVE-2016-9685.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9685", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel before 4.5.1 allow local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9685", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161130 cve-request: linux kernel - memory leak in xfs attribute mechanism.", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/11/30/1" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2e83b79b2d6c78bf1b4aa227938a214dcbddc83f", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2e83b79b2d6c78bf1b4aa227938a214dcbddc83f" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1396941", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1396941" - }, - { - "name" : "https://github.com/torvalds/linux/commit/2e83b79b2d6c78bf1b4aa227938a214dcbddc83f", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/2e83b79b2d6c78bf1b4aa227938a214dcbddc83f" - }, - { - "name" : "RHSA-2017:2669", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2669" - }, - { - "name" : "RHSA-2017:1842", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1842" - }, - { - "name" : "RHSA-2017:2077", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2077" - }, - { - "name" : "94593", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94593" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel before 4.5.1 allow local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2e83b79b2d6c78bf1b4aa227938a214dcbddc83f", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2e83b79b2d6c78bf1b4aa227938a214dcbddc83f" + }, + { + "name": "RHSA-2017:2669", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2669" + }, + { + "name": "https://github.com/torvalds/linux/commit/2e83b79b2d6c78bf1b4aa227938a214dcbddc83f", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/2e83b79b2d6c78bf1b4aa227938a214dcbddc83f" + }, + { + "name": "94593", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94593" + }, + { + "name": "RHSA-2017:2077", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2077" + }, + { + "name": "RHSA-2017:1842", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1842" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1396941", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1396941" + }, + { + "name": "[oss-security] 20161130 cve-request: linux kernel - memory leak in xfs attribute mechanism.", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/11/30/1" + } + ] + } +} \ No newline at end of file diff --git a/2019/1003xxx/CVE-2019-1003039.json b/2019/1003xxx/CVE-2019-1003039.json index a57e4db25c5..a4c92c9f0be 100644 --- a/2019/1003xxx/CVE-2019-1003039.json +++ b/2019/1003xxx/CVE-2019-1003039.json @@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2019-03-06T22:44:37.388179", - "ID" : "CVE-2019-1003039", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "JenkinsAppDynamics Dashboard Plugin", - "version" : { - "version_data" : [ - { - "version_value" : "1.0.14 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An insufficiently protected credentials vulnerability exists in JenkinsAppDynamics Dashboard Plugin 1.0.14 and earlier in src/main/java/nl/codecentric/jenkins/appd/AppDynamicsResultsPublisher.java that allows attackers without permission to obtain passwords configured in jobs to obtain them." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-522" - } + "CVE_data_meta": { + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "DATE_ASSIGNED": "2019-03-06T22:44:37.388179", + "ID": "CVE-2019-1003039", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "JenkinsAppDynamics Dashboard Plugin", + "version": { + "version_data": [ + { + "version_value": "1.0.14 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Jenkins project" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1087", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1087" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An insufficiently protected credentials vulnerability exists in JenkinsAppDynamics Dashboard Plugin 1.0.14 and earlier in src/main/java/nl/codecentric/jenkins/appd/AppDynamicsResultsPublisher.java that allows attackers without permission to obtain passwords configured in jobs to obtain them." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-522" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1087", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1087" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2030.json b/2019/2xxx/CVE-2019-2030.json index ae3819421a4..5c172009dde 100644 --- a/2019/2xxx/CVE-2019-2030.json +++ b/2019/2xxx/CVE-2019-2030.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2030", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2030", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2214.json b/2019/2xxx/CVE-2019-2214.json index 8d434a186d8..64aecebdc3c 100644 --- a/2019/2xxx/CVE-2019-2214.json +++ b/2019/2xxx/CVE-2019-2214.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2214", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2214", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2611.json b/2019/2xxx/CVE-2019-2611.json index a9cbf3f8e69..5c5bc985890 100644 --- a/2019/2xxx/CVE-2019-2611.json +++ b/2019/2xxx/CVE-2019-2611.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2611", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2611", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2697.json b/2019/2xxx/CVE-2019-2697.json index d7ef5724aab..66d72b4fbd5 100644 --- a/2019/2xxx/CVE-2019-2697.json +++ b/2019/2xxx/CVE-2019-2697.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2697", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2697", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3014.json b/2019/3xxx/CVE-2019-3014.json index b8cbe7e5e82..bf6803b85fe 100644 --- a/2019/3xxx/CVE-2019-3014.json +++ b/2019/3xxx/CVE-2019-3014.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3014", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3014", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3356.json b/2019/3xxx/CVE-2019-3356.json index 6e9249161d5..f03332ef755 100644 --- a/2019/3xxx/CVE-2019-3356.json +++ b/2019/3xxx/CVE-2019-3356.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3356", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3356", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3499.json b/2019/3xxx/CVE-2019-3499.json index 4cf02d1ee9c..efcca03ae76 100644 --- a/2019/3xxx/CVE-2019-3499.json +++ b/2019/3xxx/CVE-2019-3499.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3499", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3499", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3610.json b/2019/3xxx/CVE-2019-3610.json index b7c579226b5..2052fbaba76 100644 --- a/2019/3xxx/CVE-2019-3610.json +++ b/2019/3xxx/CVE-2019-3610.json @@ -1,91 +1,91 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@mcafee.com", - "DATE_PUBLIC" : "2019-02-13T15:00:00.000Z", - "ID" : "CVE-2019-3610", - "STATE" : "PUBLIC", - "TITLE" : "True Key Browser Extension 3.1.9219.0 update fixes Sensitive Data Exposure vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "True Key (TK)", - "version" : { - "version_data" : [ - { - "affected" : "<=", - "platform" : "Chrome, Edge and Firefox", - "version_name" : "3.1", - "version_value" : "3.1.9211.0" - } - ] - } - } - ] - }, - "vendor_name" : "McAfee, LLC" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Data Leakage Attacks vulnerability in Microsoft Windows client in McAfee True Key (TK) 3.1.9211.0 and earlier allows local users to expose confidential data via specially crafted malware." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "HIGH", - "attackVector" : "LOCAL", - "availabilityImpact" : "NONE", - "baseScore" : 5.6, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "NONE", - "privilegesRequired" : "LOW", - "scope" : "CHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Data Leakage Attacks vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@mcafee.com", + "DATE_PUBLIC": "2019-02-13T15:00:00.000Z", + "ID": "CVE-2019-3610", + "STATE": "PUBLIC", + "TITLE": "True Key Browser Extension 3.1.9219.0 update fixes Sensitive Data Exposure vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "True Key (TK)", + "version": { + "version_data": [ + { + "affected": "<=", + "platform": "Chrome, Edge and Firefox", + "version_name": "3.1", + "version_value": "3.1.9211.0" + } + ] + } + } + ] + }, + "vendor_name": "McAfee, LLC" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102889", - "refsource" : "CONFIRM", - "url" : "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102889" - }, - { - "name" : "107217", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/107217" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Data Leakage Attacks vulnerability in Microsoft Windows client in McAfee True Key (TK) 3.1.9211.0 and earlier allows local users to expose confidential data via specially crafted malware." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 5.6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Data Leakage Attacks vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "107217", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/107217" + }, + { + "name": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102889", + "refsource": "CONFIRM", + "url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102889" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6222.json b/2019/6xxx/CVE-2019-6222.json index 21f140c463c..2173696d444 100644 --- a/2019/6xxx/CVE-2019-6222.json +++ b/2019/6xxx/CVE-2019-6222.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6222", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6222", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6358.json b/2019/6xxx/CVE-2019-6358.json index c7d29fa0b49..5f3ef4aa6e2 100644 --- a/2019/6xxx/CVE-2019-6358.json +++ b/2019/6xxx/CVE-2019-6358.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6358", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6358", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6761.json b/2019/6xxx/CVE-2019-6761.json index f6828c41faf..f6f7e5dfdc4 100644 --- a/2019/6xxx/CVE-2019-6761.json +++ b/2019/6xxx/CVE-2019-6761.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6761", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6761", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6838.json b/2019/6xxx/CVE-2019-6838.json index 983e85121e5..158b825927e 100644 --- a/2019/6xxx/CVE-2019-6838.json +++ b/2019/6xxx/CVE-2019-6838.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6838", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6838", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6958.json b/2019/6xxx/CVE-2019-6958.json index fae908663d7..3e059c16adf 100644 --- a/2019/6xxx/CVE-2019-6958.json +++ b/2019/6xxx/CVE-2019-6958.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6958", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6958", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7698.json b/2019/7xxx/CVE-2019-7698.json index 1cb190bb1fd..aa143a0b906 100644 --- a/2019/7xxx/CVE-2019-7698.json +++ b/2019/7xxx/CVE-2019-7698.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7698", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in AP4_Array::EnsureCapacity in Core/Ap4Array.h in Bento4 1.5.1-627. Crafted MP4 input triggers an attempt at excessive memory allocation, as demonstrated by mp42hls, a related issue to CVE-2018-20095." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7698", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/axiomatic-systems/Bento4/issues/354", - "refsource" : "MISC", - "url" : "https://github.com/axiomatic-systems/Bento4/issues/354" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in AP4_Array::EnsureCapacity in Core/Ap4Array.h in Bento4 1.5.1-627. Crafted MP4 input triggers an attempt at excessive memory allocation, as demonstrated by mp42hls, a related issue to CVE-2018-20095." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/axiomatic-systems/Bento4/issues/354", + "refsource": "MISC", + "url": "https://github.com/axiomatic-systems/Bento4/issues/354" + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7951.json b/2019/7xxx/CVE-2019-7951.json index 0cfcc89a54f..99f3e9e56df 100644 --- a/2019/7xxx/CVE-2019-7951.json +++ b/2019/7xxx/CVE-2019-7951.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7951", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7951", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file