diff --git a/2007/0xxx/CVE-2007-0892.json b/2007/0xxx/CVE-2007-0892.json index 1698280b1f9..c8f37fec6d3 100644 --- a/2007/0xxx/CVE-2007-0892.json +++ b/2007/0xxx/CVE-2007-0892.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0892", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CRLF injection vulnerability in phpMyVisites before 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the url parameter, when the pagename parameter begins with \"FILE:\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0892", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070211 Multiple vulnerabilities in phpMyVisites", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/459792/100/0/threaded" - }, - { - "name" : "20070211 Multiple vulnerabilities in phpMyVisites", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=117121596803908&w=2" - }, - { - "name" : "33177", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/33177" - }, - { - "name" : "phpmyvisites-pagename-response-splitting(32428)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32428" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CRLF injection vulnerability in phpMyVisites before 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the url parameter, when the pagename parameter begins with \"FILE:\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33177", + "refsource": "OSVDB", + "url": "http://osvdb.org/33177" + }, + { + "name": "20070211 Multiple vulnerabilities in phpMyVisites", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=117121596803908&w=2" + }, + { + "name": "20070211 Multiple vulnerabilities in phpMyVisites", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/459792/100/0/threaded" + }, + { + "name": "phpmyvisites-pagename-response-splitting(32428)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32428" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3422.json b/2007/3xxx/CVE-2007-3422.json index 27cc1c040a9..69f6da5a017 100644 --- a/2007/3xxx/CVE-2007-3422.json +++ b/2007/3xxx/CVE-2007-3422.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3422", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The getcgi function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP before 0.9.9.7 attempts to parse query strings that contain (1) non-printing characters, (2) certain printing characters that do not commonly occur in URLs, or (3) invalid URL encoding sequences, which has unknown impact and remote attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3422", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&num=9458", - "refsource" : "CONFIRM", - "url" : "http://www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&num=9458" - }, - { - "name" : "http://www.web-app.org/downloads/WebAPPv0.9.9.7.zip", - "refsource" : "CONFIRM", - "url" : "http://www.web-app.org/downloads/WebAPPv0.9.9.7.zip" - }, - { - "name" : "45408", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/45408" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The getcgi function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP before 0.9.9.7 attempts to parse query strings that contain (1) non-printing characters, (2) certain printing characters that do not commonly occur in URLs, or (3) invalid URL encoding sequences, which has unknown impact and remote attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45408", + "refsource": "OSVDB", + "url": "http://osvdb.org/45408" + }, + { + "name": "http://www.web-app.org/downloads/WebAPPv0.9.9.7.zip", + "refsource": "CONFIRM", + "url": "http://www.web-app.org/downloads/WebAPPv0.9.9.7.zip" + }, + { + "name": "http://www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&num=9458", + "refsource": "CONFIRM", + "url": "http://www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&num=9458" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3490.json b/2007/3xxx/CVE-2007-3490.json index 6a623bf73e9..4a7cf365770 100644 --- a/2007/3xxx/CVE-2007-3490.json +++ b/2007/3xxx/CVE-2007-3490.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3490", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Microsoft Excel 2003 SP2 allows remote attackers to have an unknown impact via unspecified vectors, possibly related to the sheet name, as demonstrated by 2670.xls." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3490", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4121", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4121" - }, - { - "name" : "http://www.milw0rm.com/sploits/06272007-2670.zip", - "refsource" : "MISC", - "url" : "http://www.milw0rm.com/sploits/06272007-2670.zip" - }, - { - "name" : "http://pstgroup.blogspot.com/2007/06/exploitmicrosoft-excel-20002003-sheet.html", - "refsource" : "MISC", - "url" : "http://pstgroup.blogspot.com/2007/06/exploitmicrosoft-excel-20002003-sheet.html" - }, - { - "name" : "24691", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24691" - }, - { - "name" : "38954", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38954" - }, - { - "name" : "1018321", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018321" - }, - { - "name" : "excel-sheet-name-bo(35132)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35132" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Microsoft Excel 2003 SP2 allows remote attackers to have an unknown impact via unspecified vectors, possibly related to the sheet name, as demonstrated by 2670.xls." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4121", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4121" + }, + { + "name": "excel-sheet-name-bo(35132)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35132" + }, + { + "name": "24691", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24691" + }, + { + "name": "http://www.milw0rm.com/sploits/06272007-2670.zip", + "refsource": "MISC", + "url": "http://www.milw0rm.com/sploits/06272007-2670.zip" + }, + { + "name": "http://pstgroup.blogspot.com/2007/06/exploitmicrosoft-excel-20002003-sheet.html", + "refsource": "MISC", + "url": "http://pstgroup.blogspot.com/2007/06/exploitmicrosoft-excel-20002003-sheet.html" + }, + { + "name": "1018321", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018321" + }, + { + "name": "38954", + "refsource": "OSVDB", + "url": "http://osvdb.org/38954" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3523.json b/2007/3xxx/CVE-2007-3523.json index 31aa06fe51d..c069e55bda0 100644 --- a/2007/3xxx/CVE-2007-3523.json +++ b/2007/3xxx/CVE-2007-3523.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3523", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in Module/Galerie.php in XCMS 1.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) Ent or (2) Lang parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3523", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4131", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4131" - }, - { - "name" : "24724", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24724" - }, - { - "name" : "ADV-2007-2409", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2409" - }, - { - "name" : "38963", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38963" - }, - { - "name" : "xcms-galerie-file-include(35191)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35191" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in Module/Galerie.php in XCMS 1.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) Ent or (2) Lang parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24724", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24724" + }, + { + "name": "4131", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4131" + }, + { + "name": "38963", + "refsource": "OSVDB", + "url": "http://osvdb.org/38963" + }, + { + "name": "xcms-galerie-file-include(35191)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35191" + }, + { + "name": "ADV-2007-2409", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2409" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3943.json b/2007/3xxx/CVE-2007-3943.json index ed0bc151e96..ffc325a984e 100644 --- a/2007/3xxx/CVE-2007-3943.json +++ b/2007/3xxx/CVE-2007-3943.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3943", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Infinite Responder before 1.48 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3943", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=523684&group_id=199618", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=523684&group_id=199618" - }, - { - "name" : "24931", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24931" - }, - { - "name" : "26008", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26008" - }, - { - "name" : "infinite-responder-unspecified-sql-injection(35452)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35452" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Infinite Responder before 1.48 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "infinite-responder-unspecified-sql-injection(35452)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35452" + }, + { + "name": "26008", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26008" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=523684&group_id=199618", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=523684&group_id=199618" + }, + { + "name": "24931", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24931" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4205.json b/2007/4xxx/CVE-2007-4205.json index da749db7e18..bfe724ff221 100644 --- a/2007/4xxx/CVE-2007-4205.json +++ b/2007/4xxx/CVE-2007-4205.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4205", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XHA (Linux-HA) on the BlueCat Networks Adonis DNS/DHCP Appliance 5.0.2.8 allows remote attackers to cause a denial of service (heartbeat control process crash) via a UDP packet to port 694. NOTE: this may be the same as CVE-2006-3121." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4205", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070729 TS-2007-001-0: BlueCat Networks Adonis Linux-HA heartbeat DoS Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/475065/100/0/threaded" - }, - { - "name" : "20070803 Re: TS-2007-001-0: BlueCat Networks Adonis Linux-HA heartbeat DoS Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/475455/100/0/threaded" - }, - { - "name" : "ADV-2007-2767", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2767" - }, - { - "name" : "39396", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39396" - }, - { - "name" : "1018505", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1018505" - }, - { - "name" : "26265", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26265" - }, - { - "name" : "2978", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2978" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XHA (Linux-HA) on the BlueCat Networks Adonis DNS/DHCP Appliance 5.0.2.8 allows remote attackers to cause a denial of service (heartbeat control process crash) via a UDP packet to port 694. NOTE: this may be the same as CVE-2006-3121." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1018505", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1018505" + }, + { + "name": "ADV-2007-2767", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2767" + }, + { + "name": "39396", + "refsource": "OSVDB", + "url": "http://osvdb.org/39396" + }, + { + "name": "26265", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26265" + }, + { + "name": "2978", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2978" + }, + { + "name": "20070803 Re: TS-2007-001-0: BlueCat Networks Adonis Linux-HA heartbeat DoS Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/475455/100/0/threaded" + }, + { + "name": "20070729 TS-2007-001-0: BlueCat Networks Adonis Linux-HA heartbeat DoS Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/475065/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4313.json b/2007/4xxx/CVE-2007-4313.json index 2bc3682c521..bcf3b7153fb 100644 --- a/2007/4xxx/CVE-2007-4313.json +++ b/2007/4xxx/CVE-2007-4313.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4313", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in public_includes/pub_blocks/activecontent.php in Php Blue Dragon CMS 3.0.0 allows remote attackers to execute arbitrary PHP code via a URL in the vsDragonRootPath parameter, a different vector than CVE-2006-2392, CVE-2006-3076, and CVE-2006-6958." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4313", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070814 PHP Blue Dragon CMS 3.0.0 Remote File Inclusion Vulnerability (0dd exploit)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/476432/100/0/threaded" - }, - { - "name" : "4276", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4276" - }, - { - "name" : "25264", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25264" - }, - { - "name" : "ADV-2007-2861", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2861" - }, - { - "name" : "36442", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36442" - }, - { - "name" : "26414", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26414" - }, - { - "name" : "phpbluedragon-activecontent-file-include(35945)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35945" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in public_includes/pub_blocks/activecontent.php in Php Blue Dragon CMS 3.0.0 allows remote attackers to execute arbitrary PHP code via a URL in the vsDragonRootPath parameter, a different vector than CVE-2006-2392, CVE-2006-3076, and CVE-2006-6958." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4276", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4276" + }, + { + "name": "26414", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26414" + }, + { + "name": "20070814 PHP Blue Dragon CMS 3.0.0 Remote File Inclusion Vulnerability (0dd exploit)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/476432/100/0/threaded" + }, + { + "name": "phpbluedragon-activecontent-file-include(35945)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35945" + }, + { + "name": "36442", + "refsource": "OSVDB", + "url": "http://osvdb.org/36442" + }, + { + "name": "ADV-2007-2861", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2861" + }, + { + "name": "25264", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25264" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4674.json b/2007/4xxx/CVE-2007-4674.json index ba5c12c9748..3f4d7f2ed1b 100644 --- a/2007/4xxx/CVE-2007-4674.json +++ b/2007/4xxx/CVE-2007-4674.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4674", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An \"integer arithmetic\" error in Apple QuickTime 7.2 allows remote attackers to execute arbitrary code via a crafted movie file containing a movie atom with a large size value, which triggers a stack-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4674", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071114 TPTI-07-20: Apple Quicktime Movie Stack Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/483717/100/100/threaded" - }, - { - "name" : "http://dvlabs.tippingpoint.com/advisory/TPTI-07-20", - "refsource" : "MISC", - "url" : "http://dvlabs.tippingpoint.com/advisory/TPTI-07-20" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=306896", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=306896" - }, - { - "name" : "http://support.apple.com/kb/HT3189", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3189" - }, - { - "name" : "APPLE-SA-2008-10-02", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2008/Oct/msg00000.html" - }, - { - "name" : "GLSA-200803-08", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200803-08.xml" - }, - { - "name" : "26443", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26443" - }, - { - "name" : "ADV-2008-2735", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2735" - }, - { - "name" : "43716", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/43716" - }, - { - "name" : "29182", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29182" - }, - { - "name" : "32121", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32121" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An \"integer arithmetic\" error in Apple QuickTime 7.2 allows remote attackers to execute arbitrary code via a crafted movie file containing a movie atom with a large size value, which triggers a stack-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2008-10-02", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00000.html" + }, + { + "name": "ADV-2008-2735", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2735" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=306896", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=306896" + }, + { + "name": "http://support.apple.com/kb/HT3189", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3189" + }, + { + "name": "20071114 TPTI-07-20: Apple Quicktime Movie Stack Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/483717/100/100/threaded" + }, + { + "name": "43716", + "refsource": "OSVDB", + "url": "http://osvdb.org/43716" + }, + { + "name": "GLSA-200803-08", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200803-08.xml" + }, + { + "name": "32121", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32121" + }, + { + "name": "26443", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26443" + }, + { + "name": "http://dvlabs.tippingpoint.com/advisory/TPTI-07-20", + "refsource": "MISC", + "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-07-20" + }, + { + "name": "29182", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29182" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4695.json b/2007/4xxx/CVE-2007-4695.json index a818f2c8793..a566618fe3f 100644 --- a/2007/4xxx/CVE-2007-4695.json +++ b/2007/4xxx/CVE-2007-4695.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4695", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified \"input validation\" vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to modify form field values via unknown vectors related to file uploads." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4695", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.info.apple.com/article.html?artnum=307041", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=307041" - }, - { - "name" : "APPLE-SA-2007-11-14", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html" - }, - { - "name" : "TA07-319A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-319A.html" - }, - { - "name" : "26444", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26444" - }, - { - "name" : "ADV-2007-3868", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3868" - }, - { - "name" : "1018948", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1018948" - }, - { - "name" : "27643", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27643" - }, - { - "name" : "macosx-webcore-form-manipulation(38482)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38482" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified \"input validation\" vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to modify form field values via unknown vectors related to file uploads." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "macosx-webcore-form-manipulation(38482)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38482" + }, + { + "name": "26444", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26444" + }, + { + "name": "APPLE-SA-2007-11-14", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=307041", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=307041" + }, + { + "name": "1018948", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1018948" + }, + { + "name": "ADV-2007-3868", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3868" + }, + { + "name": "27643", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27643" + }, + { + "name": "TA07-319A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-319A.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6248.json b/2007/6xxx/CVE-2007-6248.json index fe2e686e669..7cfbf61a115 100644 --- a/2007/6xxx/CVE-2007-6248.json +++ b/2007/6xxx/CVE-2007-6248.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6248", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6248", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6453.json b/2007/6xxx/CVE-2007-6453.json index edd5504df41..0640e3c5c48 100644 --- a/2007/6xxx/CVE-2007-6453.json +++ b/2007/6xxx/CVE-2007-6453.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6453", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in raidenhttpd-admin/workspace.php in RaidenHTTPD 2.0.19, when the WebAdmin function is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ulang parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6453", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071217 RaidenHTTPD 2.0.19 ulang cmd exec poc exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485221/100/0/threaded" - }, - { - "name" : "http://retrogod.altervista.org/rgod_raidenhttpdudo.html", - "refsource" : "MISC", - "url" : "http://retrogod.altervista.org/rgod_raidenhttpdudo.html" - }, - { - "name" : "http://www.raidenhttpd.com/jp/security.html", - "refsource" : "CONFIRM", - "url" : "http://www.raidenhttpd.com/jp/security.html" - }, - { - "name" : "JVN#90438169", - "refsource" : "JVN", - "url" : "http://jvn.jp/jp/JVN%2390438169/index.html" - }, - { - "name" : "26903", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26903" - }, - { - "name" : "ADV-2007-4244", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/4244" - }, - { - "name" : "39228", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/39228" - }, - { - "name" : "28143", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28143" - }, - { - "name" : "3460", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3460" - }, - { - "name" : "raidenhttpd-ulang-command-execution(39088)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39088" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in raidenhttpd-admin/workspace.php in RaidenHTTPD 2.0.19, when the WebAdmin function is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ulang parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.raidenhttpd.com/jp/security.html", + "refsource": "CONFIRM", + "url": "http://www.raidenhttpd.com/jp/security.html" + }, + { + "name": "raidenhttpd-ulang-command-execution(39088)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39088" + }, + { + "name": "26903", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26903" + }, + { + "name": "20071217 RaidenHTTPD 2.0.19 ulang cmd exec poc exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485221/100/0/threaded" + }, + { + "name": "JVN#90438169", + "refsource": "JVN", + "url": "http://jvn.jp/jp/JVN%2390438169/index.html" + }, + { + "name": "28143", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28143" + }, + { + "name": "http://retrogod.altervista.org/rgod_raidenhttpdudo.html", + "refsource": "MISC", + "url": "http://retrogod.altervista.org/rgod_raidenhttpdudo.html" + }, + { + "name": "39228", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/39228" + }, + { + "name": "3460", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3460" + }, + { + "name": "ADV-2007-4244", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/4244" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6673.json b/2007/6xxx/CVE-2007-6673.json index 1e849bf3009..9179398f21f 100644 --- a/2007/6xxx/CVE-2007-6673.json +++ b/2007/6xxx/CVE-2007-6673.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6673", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Makale Scripti allows remote attackers to inject arbitrary web script or HTML via the ara parameter to the default URI under Ara/ in a search action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6673", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.packetstormsecurity.org/0712-exploits/makale-xss.txt", - "refsource" : "MISC", - "url" : "http://www.packetstormsecurity.org/0712-exploits/makale-xss.txt" - }, - { - "name" : "27067", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27067" - }, - { - "name" : "28262", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28262" - }, - { - "name" : "makalescripti-default-xss(39456)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39456" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Makale Scripti allows remote attackers to inject arbitrary web script or HTML via the ara parameter to the default URI under Ara/ in a search action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "makalescripti-default-xss(39456)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39456" + }, + { + "name": "27067", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27067" + }, + { + "name": "28262", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28262" + }, + { + "name": "http://www.packetstormsecurity.org/0712-exploits/makale-xss.txt", + "refsource": "MISC", + "url": "http://www.packetstormsecurity.org/0712-exploits/makale-xss.txt" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1241.json b/2014/1xxx/CVE-2014-1241.json index 9c94c75ed9f..8124f4af4d6 100644 --- a/2014/1xxx/CVE-2014-1241.json +++ b/2014/1xxx/CVE-2014-1241.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1241", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1241", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1528.json b/2014/1xxx/CVE-2014-1528.json index 0e3a3af9189..c87adc95c58 100644 --- a/2014/1xxx/CVE-2014-1528.json +++ b/2014/1xxx/CVE-2014-1528.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1528", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo in Mozilla Firefox 28.0 and SeaMonkey 2.25 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by painting on a CANVAS element." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2014-1528", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2014/mfsa2014-41.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2014/mfsa2014-41.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=963962", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=963962" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "FEDORA-2014-5829", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html" - }, - { - "name" : "openSUSE-SU-2014:0599", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html" - }, - { - "name" : "openSUSE-SU-2014:0629", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html" - }, - { - "name" : "USN-2185-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2185-1" - }, - { - "name" : "1030163", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030163" - }, - { - "name" : "1030164", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030164" - }, - { - "name" : "59866", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59866" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo in Mozilla Firefox 28.0 and SeaMonkey 2.25 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by painting on a CANVAS element." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2014:0599", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html" + }, + { + "name": "openSUSE-SU-2014:0629", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html" + }, + { + "name": "59866", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59866" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=963962", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=963962" + }, + { + "name": "http://www.mozilla.org/security/announce/2014/mfsa2014-41.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-41.html" + }, + { + "name": "USN-2185-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2185-1" + }, + { + "name": "1030164", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030164" + }, + { + "name": "1030163", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030163" + }, + { + "name": "FEDORA-2014-5829", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5067.json b/2014/5xxx/CVE-2014-5067.json index 97bed7c74ec..32e85100847 100644 --- a/2014/5xxx/CVE-2014-5067.json +++ b/2014/5xxx/CVE-2014-5067.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5067", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5067", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5448.json b/2014/5xxx/CVE-2014-5448.json index c7072959023..5abef78d4d9 100644 --- a/2014/5xxx/CVE-2014-5448.json +++ b/2014/5xxx/CVE-2014-5448.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5448", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Zarafa 5.00 uses world-readable permissions for the files in the log directory, which allows local users to obtain sensitive information by reading the log files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5448", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140824 CVE request: Multiple incorrect default permissions in Zarafa", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q3/444" - }, - { - "name" : "[oss-security] 20140825 Re: CVE request: Multiple incorrect default permissions in Zarafa", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q3/445" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2014-0380.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2014-0380.html" - }, - { - "name" : "MDVSA-2014:182", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182" - }, - { - "name" : "69365", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69365" - }, - { - "name" : "zarafa-logzarafa-info-disc(95452)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95452" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Zarafa 5.00 uses world-readable permissions for the files in the log directory, which allows local users to obtain sensitive information by reading the log files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "69365", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69365" + }, + { + "name": "[oss-security] 20140824 CVE request: Multiple incorrect default permissions in Zarafa", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q3/444" + }, + { + "name": "http://advisories.mageia.org/MGASA-2014-0380.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2014-0380.html" + }, + { + "name": "zarafa-logzarafa-info-disc(95452)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95452" + }, + { + "name": "MDVSA-2014:182", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182" + }, + { + "name": "[oss-security] 20140825 Re: CVE request: Multiple incorrect default permissions in Zarafa", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q3/445" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5742.json b/2014/5xxx/CVE-2014-5742.json index 83dd51b0cbb..921c6023f6e 100644 --- a/2014/5xxx/CVE-2014-5742.json +++ b/2014/5xxx/CVE-2014-5742.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5742", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Eversnap Private Photo Album (aka com.weddingsnap.android) application 1.0.23 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5742", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#954473", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/954473" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Eversnap Private Photo Album (aka com.weddingsnap.android) application 1.0.23 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#954473", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/954473" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2728.json b/2015/2xxx/CVE-2015-2728.json index 3f144c1226d..89fe427a0a7 100644 --- a/2015/2xxx/CVE-2015-2728.json +++ b/2015/2xxx/CVE-2015-2728.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2728", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IndexedDatabaseManager class in the IndexedDB implementation in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 misinterprets an unspecified IDBDatabase field as a pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors, related to a \"type confusion\" issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2015-2728", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-61.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-61.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1142210", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1142210" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" - }, - { - "name" : "DSA-3300", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3300" - }, - { - "name" : "GLSA-201512-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201512-10" - }, - { - "name" : "RHSA-2015:1207", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1207.html" - }, - { - "name" : "SUSE-SU-2015:1268", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html" - }, - { - "name" : "SUSE-SU-2015:1269", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html" - }, - { - "name" : "SUSE-SU-2015:1449", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html" - }, - { - "name" : "openSUSE-SU-2015:1266", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html" - }, - { - "name" : "openSUSE-SU-2015:1229", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html" - }, - { - "name" : "USN-2656-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2656-1" - }, - { - "name" : "USN-2656-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2656-2" - }, - { - "name" : "75541", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75541" - }, - { - "name" : "1032783", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032783" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IndexedDatabaseManager class in the IndexedDB implementation in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 misinterprets an unspecified IDBDatabase field as a pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors, related to a \"type confusion\" issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2015:1229", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1142210", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1142210" + }, + { + "name": "SUSE-SU-2015:1268", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html" + }, + { + "name": "GLSA-201512-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201512-10" + }, + { + "name": "75541", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75541" + }, + { + "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-61.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-61.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "RHSA-2015:1207", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1207.html" + }, + { + "name": "SUSE-SU-2015:1269", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html" + }, + { + "name": "openSUSE-SU-2015:1266", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html" + }, + { + "name": "USN-2656-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2656-1" + }, + { + "name": "SUSE-SU-2015:1449", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html" + }, + { + "name": "1032783", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032783" + }, + { + "name": "DSA-3300", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3300" + }, + { + "name": "USN-2656-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2656-2" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2763.json b/2015/2xxx/CVE-2015-2763.json index b3bcdf23ee7..33e2dc5673a 100644 --- a/2015/2xxx/CVE-2015-2763.json +++ b/2015/2xxx/CVE-2015-2763.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2763", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Websense TRITON AP-EMAIL before 8.0.0 has unknown impact and attack vectors, related to port 17703." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2763", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0", - "refsource" : "CONFIRM", - "url" : "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0" - }, - { - "name" : "73415", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73415" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Websense TRITON AP-EMAIL before 8.0.0 has unknown impact and attack vectors, related to port 17703." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0", + "refsource": "CONFIRM", + "url": "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0" + }, + { + "name": "73415", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73415" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2781.json b/2015/2xxx/CVE-2015-2781.json index 12dcae61d80..36d38374da9 100644 --- a/2015/2xxx/CVE-2015-2781.json +++ b/2015/2xxx/CVE-2015-2781.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2781", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in cgi-bin/hotspotlogin.cgi in Hotspot Express hotEx Billing Manager 73 allows remote attackers to inject arbitrary web script or HTML via the reply parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2781", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150405 HotExBilling Manager Cross-site scripting (XSS) vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/535186/100/0/threaded" - }, - { - "name" : "20150408 HotExBilling Manager - Cross-site scriptin g (XSS) vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Apr/18" - }, - { - "name" : "http://packetstormsecurity.com/files/131297/HotExBilling-Manager-73-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/131297/HotExBilling-Manager-73-Cross-Site-Scripting.html" - }, - { - "name" : "73941", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73941" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in cgi-bin/hotspotlogin.cgi in Hotspot Express hotEx Billing Manager 73 allows remote attackers to inject arbitrary web script or HTML via the reply parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "73941", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73941" + }, + { + "name": "http://packetstormsecurity.com/files/131297/HotExBilling-Manager-73-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/131297/HotExBilling-Manager-73-Cross-Site-Scripting.html" + }, + { + "name": "20150405 HotExBilling Manager Cross-site scripting (XSS) vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/535186/100/0/threaded" + }, + { + "name": "20150408 HotExBilling Manager - Cross-site scriptin g (XSS) vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Apr/18" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2896.json b/2015/2xxx/CVE-2015-2896.json index 89c998e18b4..3fd65bd7758 100644 --- a/2015/2xxx/CVE-2015-2896.json +++ b/2015/2xxx/CVE-2015-2896.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2896", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The up.time client in Idera Uptime Infrastructure Monitor through 7.6 allows remote attackers to obtain potentially sensitive version, OS, process, and event-log information via a command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2015-2896", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#377260", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/377260" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The up.time client in Idera Uptime Infrastructure Monitor through 7.6 allows remote attackers to obtain potentially sensitive version, OS, process, and event-log information via a command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#377260", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/377260" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2931.json b/2015/2xxx/CVE-2015-2931.json index 0e53fa37ee3..18e47e0e3a2 100644 --- a/2015/2xxx/CVE-2015-2931.json +++ b/2015/2xxx/CVE-2015-2931.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2931", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Incomplete blacklist vulnerability in includes/upload/UploadBase.php in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an application/xml MIME type for a nested SVG with a data: URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2931", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[MediaWiki-announce] 20150331 MediaWiki Security and Maintenance Releases: 1.19.24, 1.23.9, and 1.24.2", - "refsource" : "MLIST", - "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html" - }, - { - "name" : "[oss-security] 20150331 CVE request: MediaWiki 1.24.2/1.23.9/1.19.24", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/04/01/1" - }, - { - "name" : "[oss-security] 20150407 Re: CVE request: MediaWiki 1.24.2/1.23.9/1.19.24", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/04/07/3" - }, - { - "name" : "https://phabricator.wikimedia.org/T85850", - "refsource" : "CONFIRM", - "url" : "https://phabricator.wikimedia.org/T85850" - }, - { - "name" : "GLSA-201510-05", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201510-05" - }, - { - "name" : "MDVSA-2015:200", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:200" - }, - { - "name" : "73477", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73477" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incomplete blacklist vulnerability in includes/upload/UploadBase.php in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an application/xml MIME type for a nested SVG with a data: URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201510-05", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201510-05" + }, + { + "name": "MDVSA-2015:200", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:200" + }, + { + "name": "73477", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73477" + }, + { + "name": "https://phabricator.wikimedia.org/T85850", + "refsource": "CONFIRM", + "url": "https://phabricator.wikimedia.org/T85850" + }, + { + "name": "[oss-security] 20150407 Re: CVE request: MediaWiki 1.24.2/1.23.9/1.19.24", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3" + }, + { + "name": "[oss-security] 20150331 CVE request: MediaWiki 1.24.2/1.23.9/1.19.24", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1" + }, + { + "name": "[MediaWiki-announce] 20150331 MediaWiki Security and Maintenance Releases: 1.19.24, 1.23.9, and 1.24.2", + "refsource": "MLIST", + "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6022.json b/2015/6xxx/CVE-2015-6022.json index 3ae55da6322..1ac79c0975a 100644 --- a/2015/6xxx/CVE-2015-6022.json +++ b/2015/6xxx/CVE-2015-6022.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6022", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in QNAP Signage Station before 2.0.1 allows remote authenticated users to execute arbitrary code by uploading an executable file, and then accessing this file via an unspecified URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2015-6022", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#444472", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/444472" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in QNAP Signage Station before 2.0.1 allows remote authenticated users to execute arbitrary code by uploading an executable file, and then accessing this file via an unspecified URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#444472", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/444472" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6533.json b/2015/6xxx/CVE-2015-6533.json index 648ea5c87be..1232f7893c2 100644 --- a/2015/6xxx/CVE-2015-6533.json +++ b/2015/6xxx/CVE-2015-6533.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6533", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-6533", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0068.json b/2016/0xxx/CVE-2016-0068.json index bec29384b95..3f3db83ed1d 100644 --- a/2016/0xxx/CVE-2016-0068.json +++ b/2016/0xxx/CVE-2016-0068.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0068", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka \"Internet Explorer Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2016-0069." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-0068", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-009", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-009" - }, - { - "name" : "1034971", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034971" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka \"Internet Explorer Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2016-0069." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1034971", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034971" + }, + { + "name": "MS16-009", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-009" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0230.json b/2016/0xxx/CVE-2016-0230.json index 9a1dc266389..7a83017fb1f 100644 --- a/2016/0xxx/CVE-2016-0230.json +++ b/2016/0xxx/CVE-2016-0230.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-0230", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Power Hardware Management Console (HMC) 7.3 through 7.3.0 SP7, 7.9 through 7.9.0 SP3, 8.1 through 8.1.0 SP3, 8.2 through 8.2.0 SP2, 8.3 through 8.3.0 SP2, 8.4 through 8.4.0 SP1, and 8.5.0 allows physically proximate attackers to obtain root access via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-0230", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021387", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021387" - }, - { - "name" : "https://delivery04.dhe.ibm.com/sar/CMA/HMA/069vc/2/MH01635.readme.html", - "refsource" : "CONFIRM", - "url" : "https://delivery04.dhe.ibm.com/sar/CMA/HMA/069vc/2/MH01635.readme.html" - }, - { - "name" : "https://delivery04.dhe.ibm.com/sar/CMA/HMA/069y2/1/MH01636.readme.html", - "refsource" : "CONFIRM", - "url" : "https://delivery04.dhe.ibm.com/sar/CMA/HMA/069y2/1/MH01636.readme.html" - }, - { - "name" : "https://delivery04.dhe.ibm.com/sar/CMA/HMA/06a1r/2/MH01638.readme.html", - "refsource" : "CONFIRM", - "url" : "https://delivery04.dhe.ibm.com/sar/CMA/HMA/06a1r/2/MH01638.readme.html" - }, - { - "name" : "https://delivery04.dhe.ibm.com/sar/CMA/HMA/06a1v/2/MH01639.readme.html", - "refsource" : "CONFIRM", - "url" : "https://delivery04.dhe.ibm.com/sar/CMA/HMA/06a1v/2/MH01639.readme.html" - }, - { - "name" : "https://delivery04.dhe.ibm.com/sar/CMA/HMA/06a2q/1/MH01640.readme.html", - "refsource" : "CONFIRM", - "url" : "https://delivery04.dhe.ibm.com/sar/CMA/HMA/06a2q/1/MH01640.readme.html" - }, - { - "name" : "MB04021", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1MB04021" - }, - { - "name" : "MB04022", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1MB04022" - }, - { - "name" : "MB04023", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1MB04023" - }, - { - "name" : "MB04024", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1MB04024" - }, - { - "name" : "MB04025", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1MB04025" - }, - { - "name" : "MB04026", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1MB04026" - }, - { - "name" : "MB04027", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1MB04027" - }, - { - "name" : "91535", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91535" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Power Hardware Management Console (HMC) 7.3 through 7.3.0 SP7, 7.9 through 7.9.0 SP3, 8.1 through 8.1.0 SP3, 8.2 through 8.2.0 SP2, 8.3 through 8.3.0 SP2, 8.4 through 8.4.0 SP1, and 8.5.0 allows physically proximate attackers to obtain root access via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MB04021", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1MB04021" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021387", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021387" + }, + { + "name": "https://delivery04.dhe.ibm.com/sar/CMA/HMA/069vc/2/MH01635.readme.html", + "refsource": "CONFIRM", + "url": "https://delivery04.dhe.ibm.com/sar/CMA/HMA/069vc/2/MH01635.readme.html" + }, + { + "name": "MB04025", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1MB04025" + }, + { + "name": "https://delivery04.dhe.ibm.com/sar/CMA/HMA/069y2/1/MH01636.readme.html", + "refsource": "CONFIRM", + "url": "https://delivery04.dhe.ibm.com/sar/CMA/HMA/069y2/1/MH01636.readme.html" + }, + { + "name": "https://delivery04.dhe.ibm.com/sar/CMA/HMA/06a1v/2/MH01639.readme.html", + "refsource": "CONFIRM", + "url": "https://delivery04.dhe.ibm.com/sar/CMA/HMA/06a1v/2/MH01639.readme.html" + }, + { + "name": "MB04023", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1MB04023" + }, + { + "name": "MB04026", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1MB04026" + }, + { + "name": "https://delivery04.dhe.ibm.com/sar/CMA/HMA/06a1r/2/MH01638.readme.html", + "refsource": "CONFIRM", + "url": "https://delivery04.dhe.ibm.com/sar/CMA/HMA/06a1r/2/MH01638.readme.html" + }, + { + "name": "https://delivery04.dhe.ibm.com/sar/CMA/HMA/06a2q/1/MH01640.readme.html", + "refsource": "CONFIRM", + "url": "https://delivery04.dhe.ibm.com/sar/CMA/HMA/06a2q/1/MH01640.readme.html" + }, + { + "name": "MB04022", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1MB04022" + }, + { + "name": "MB04024", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1MB04024" + }, + { + "name": "MB04027", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1MB04027" + }, + { + "name": "91535", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91535" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0690.json b/2016/0xxx/CVE-2016-0690.json index 542c0e567b4..a5d391c78f6 100644 --- a/2016/0xxx/CVE-2016-0690.json +++ b/2016/0xxx/CVE-2016-0690.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0690", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect integrity via unknown vectors, a different vulnerability than CVE-2016-0691." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-0690", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" - }, - { - "name" : "1035590", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035590" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect integrity via unknown vectors, a different vulnerability than CVE-2016-0691." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1035590", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035590" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0817.json b/2016/0xxx/CVE-2016-0817.json index 9d87f51d3f1..4a9f74d5961 100644 --- a/2016/0xxx/CVE-2016-0817.json +++ b/2016/0xxx/CVE-2016-0817.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0817", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-0817", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/1000xxx/CVE-2016-1000202.json b/2016/1000xxx/CVE-2016-1000202.json index 428d8dbe7c8..ccf60fc7b63 100644 --- a/2016/1000xxx/CVE-2016-1000202.json +++ b/2016/1000xxx/CVE-2016-1000202.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1000202", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-1000202", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10011.json b/2016/10xxx/CVE-2016-10011.json index 121d40c9faf..b86dedd121f 100644 --- a/2016/10xxx/CVE-2016-10011.json +++ b/2016/10xxx/CVE-2016-10011.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10011", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10011", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161219 Announce: OpenSSH 7.4 released", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/12/19/2" - }, - { - "name" : "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html" - }, - { - "name" : "https://github.com/openbsd/src/commit/ac8147a06ed2e2403fb6b9a0c03e618a9333c0e9", - "refsource" : "CONFIRM", - "url" : "https://github.com/openbsd/src/commit/ac8147a06ed2e2403fb6b9a0c03e618a9333c0e9" - }, - { - "name" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637", - "refsource" : "CONFIRM", - "url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637" - }, - { - "name" : "https://www.openssh.com/txt/release-7.4", - "refsource" : "CONFIRM", - "url" : "https://www.openssh.com/txt/release-7.4" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20171130-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20171130-0002/" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03818en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03818en_us" - }, - { - "name" : "RHSA-2017:2029", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2029" - }, - { - "name" : "94977", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94977" - }, - { - "name" : "1037490", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037490" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security.netapp.com/advisory/ntap-20171130-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20171130-0002/" + }, + { + "name": "[oss-security] 20161219 Announce: OpenSSH 7.4 released", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/12/19/2" + }, + { + "name": "1037490", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037490" + }, + { + "name": "https://github.com/openbsd/src/commit/ac8147a06ed2e2403fb6b9a0c03e618a9333c0e9", + "refsource": "CONFIRM", + "url": "https://github.com/openbsd/src/commit/ac8147a06ed2e2403fb6b9a0c03e618a9333c0e9" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03818en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03818en_us" + }, + { + "name": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637", + "refsource": "CONFIRM", + "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637" + }, + { + "name": "RHSA-2017:2029", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2029" + }, + { + "name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html" + }, + { + "name": "94977", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94977" + }, + { + "name": "https://www.openssh.com/txt/release-7.4", + "refsource": "CONFIRM", + "url": "https://www.openssh.com/txt/release-7.4" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10090.json b/2016/10xxx/CVE-2016-10090.json index 2e60c6f5538..2a888bd43da 100644 --- a/2016/10xxx/CVE-2016-10090.json +++ b/2016/10xxx/CVE-2016-10090.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10090", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10090", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10677.json b/2016/10xxx/CVE-2016-10677.json index 9b14853c539..3be5d6a52e8 100644 --- a/2016/10xxx/CVE-2016-10677.json +++ b/2016/10xxx/CVE-2016-10677.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2016-10677", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "google-closure-tools-latest node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "google-closure-tools-latest is a Node.js module wrapper for downloading the latest version of the Google Closure tools google-closure-tools-latest downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Missing Encryption of Sensitive Data (CWE-311)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2016-10677", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "google-closure-tools-latest node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nodesecurity.io/advisories/274", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/274" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "google-closure-tools-latest is a Node.js module wrapper for downloading the latest version of the Google Closure tools google-closure-tools-latest downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing Encryption of Sensitive Data (CWE-311)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/274", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/274" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4179.json b/2016/4xxx/CVE-2016-4179.json index 481f2fa67bc..89c803b1475 100644 --- a/2016/4xxx/CVE-2016-4179.json +++ b/2016/4xxx/CVE-2016-4179.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4179", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-4179", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40102", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40102/" - }, - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-25.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-25.html" - }, - { - "name" : "MS16-093", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-093" - }, - { - "name" : "RHSA-2016:1423", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1423" - }, - { - "name" : "SUSE-SU-2016:1826", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00017.html" - }, - { - "name" : "openSUSE-SU-2016:1802", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00016.html" - }, - { - "name" : "91725", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91725" - }, - { - "name" : "1036280", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036280" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40102", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40102/" + }, + { + "name": "SUSE-SU-2016:1826", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00017.html" + }, + { + "name": "openSUSE-SU-2016:1802", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00016.html" + }, + { + "name": "91725", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91725" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-25.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-25.html" + }, + { + "name": "RHSA-2016:1423", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1423" + }, + { + "name": "MS16-093", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-093" + }, + { + "name": "1036280", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036280" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4312.json b/2016/4xxx/CVE-2016-4312.json index b6dfef8a8c0..ac561d6f8e1 100644 --- a/2016/4xxx/CVE-2016-4312.json +++ b/2016/4xxx/CVE-2016-4312.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4312", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XML external entity (XXE) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 before WSO2-CARBON-PATCH-4.4.0-0231 allows remote authenticated users with access to XACML features to read arbitrary files, cause a denial of service, conduct server-side request forgery (SSRF) attacks, or have unspecified other impact via a crafted XACML request to entitlement/eval-policy-submit.jsp. NOTE: this issue can be combined with CVE-2016-4311 to exploit the vulnerability without credentials." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-4312", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160813 WSO2 IDENTITY-SERVER v5.1.0 XML External-Entity", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/539199/100/0/threaded" - }, - { - "name" : "40239", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40239/" - }, - { - "name" : "http://hyp3rlinx.altervista.org/advisories/WSO2-IDENTITY-SERVER-v5.1.0-XML-External-Entity.txt", - "refsource" : "MISC", - "url" : "http://hyp3rlinx.altervista.org/advisories/WSO2-IDENTITY-SERVER-v5.1.0-XML-External-Entity.txt" - }, - { - "name" : "http://packetstormsecurity.com/files/138329/WSO2-Identity-Server-5.1.0-XML-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/138329/WSO2-Identity-Server-5.1.0-XML-Injection.html" - }, - { - "name" : "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2016-0096", - "refsource" : "CONFIRM", - "url" : "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2016-0096" - }, - { - "name" : "92485", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92485" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XML external entity (XXE) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 before WSO2-CARBON-PATCH-4.4.0-0231 allows remote authenticated users with access to XACML features to read arbitrary files, cause a denial of service, conduct server-side request forgery (SSRF) attacks, or have unspecified other impact via a crafted XACML request to entitlement/eval-policy-submit.jsp. NOTE: this issue can be combined with CVE-2016-4311 to exploit the vulnerability without credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40239", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40239/" + }, + { + "name": "20160813 WSO2 IDENTITY-SERVER v5.1.0 XML External-Entity", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/539199/100/0/threaded" + }, + { + "name": "92485", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92485" + }, + { + "name": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2016-0096", + "refsource": "CONFIRM", + "url": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2016-0096" + }, + { + "name": "http://hyp3rlinx.altervista.org/advisories/WSO2-IDENTITY-SERVER-v5.1.0-XML-External-Entity.txt", + "refsource": "MISC", + "url": "http://hyp3rlinx.altervista.org/advisories/WSO2-IDENTITY-SERVER-v5.1.0-XML-External-Entity.txt" + }, + { + "name": "http://packetstormsecurity.com/files/138329/WSO2-Identity-Server-5.1.0-XML-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/138329/WSO2-Identity-Server-5.1.0-XML-Injection.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4901.json b/2016/4xxx/CVE-2016-4901.json index 71f1bd25a03..b4e061200eb 100644 --- a/2016/4xxx/CVE-2016-4901.json +++ b/2016/4xxx/CVE-2016-4901.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2016-4901", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "The installer of e-Tax Software", - "version" : { - "version_data" : [ - { - "version_value" : "all versions" - } - ] - } - } - ] - }, - "vendor_name" : "National Tax Agency" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in The installer of e-Tax Software all versions allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2016-4901", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "The installer of e-Tax Software", + "version": { + "version_data": [ + { + "version_value": "all versions" + } + ] + } + } + ] + }, + "vendor_name": "National Tax Agency" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.e-tax.nta.go.jp/topics/topics_281014.htm", - "refsource" : "MISC", - "url" : "http://www.e-tax.nta.go.jp/topics/topics_281014.htm" - }, - { - "name" : "JVN#63012325", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN63012325/index.html" - }, - { - "name" : "JVNDB-2016-000207", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000207" - }, - { - "name" : "93606", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93606" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in The installer of e-Tax Software all versions allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#63012325", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN63012325/index.html" + }, + { + "name": "JVNDB-2016-000207", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000207" + }, + { + "name": "http://www.e-tax.nta.go.jp/topics/topics_281014.htm", + "refsource": "MISC", + "url": "http://www.e-tax.nta.go.jp/topics/topics_281014.htm" + }, + { + "name": "93606", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93606" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9130.json b/2016/9xxx/CVE-2016-9130.json index 35392a6df88..28494d22eda 100644 --- a/2016/9xxx/CVE-2016-9130.json +++ b/2016/9xxx/CVE-2016-9130.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "ID" : "CVE-2016-9130", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Revive Adserver All versions before 3.2.3", - "version" : { - "version_data" : [ - { - "version_value" : "Revive Adserver All versions before 3.2.3" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The website name wasn't properly escaped when displayed in the campaign-zone.php script." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "ID": "CVE-2016-9130", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Revive Adserver All versions before 3.2.3", + "version": { + "version_data": [ + { + "version_value": "Revive Adserver All versions before 3.2.3" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/revive-adserver/revive-adserver/commit/f6880330a8e11e804663f132867e9eb9b1f94e83", - "refsource" : "MISC", - "url" : "https://github.com/revive-adserver/revive-adserver/commit/f6880330a8e11e804663f132867e9eb9b1f94e83" - }, - { - "name" : "https://www.revive-adserver.com/security/revive-sa-2016-001/", - "refsource" : "MISC", - "url" : "https://www.revive-adserver.com/security/revive-sa-2016-001/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The website name wasn't properly escaped when displayed in the campaign-zone.php script." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.revive-adserver.com/security/revive-sa-2016-001/", + "refsource": "MISC", + "url": "https://www.revive-adserver.com/security/revive-sa-2016-001/" + }, + { + "name": "https://github.com/revive-adserver/revive-adserver/commit/f6880330a8e11e804663f132867e9eb9b1f94e83", + "refsource": "MISC", + "url": "https://github.com/revive-adserver/revive-adserver/commit/f6880330a8e11e804663f132867e9eb9b1f94e83" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9195.json b/2016/9xxx/CVE-2016-9195.json index 1710ec2ac08..3bebbd16da9 100644 --- a/2016/9xxx/CVE-2016-9195.json +++ b/2016/9xxx/CVE-2016-9195.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2016-9195", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Wireless LAN Controller", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Wireless LAN Controller" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in RADIUS Change of Authorization (CoA) request processing in the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition by disconnecting a single connection. This vulnerability affects Cisco Wireless LAN Controller running software release 8.3.102.0. More Information: CSCvb01835. Known Fixed Releases: 8.4(1.49) 8.3(111.0) 8.3(108.0) 8.3(104.24) 8.3(102.3)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-9195", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Wireless LAN Controller", + "version": { + "version_data": [ + { + "version_value": "Cisco Wireless LAN Controller" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc1", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc1" - }, - { - "name" : "97425", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97425" - }, - { - "name" : "1038188", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038188" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in RADIUS Change of Authorization (CoA) request processing in the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition by disconnecting a single connection. This vulnerability affects Cisco Wireless LAN Controller running software release 8.3.102.0. More Information: CSCvb01835. Known Fixed Releases: 8.4(1.49) 8.3(111.0) 8.3(108.0) 8.3(104.24) 8.3(102.3)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97425", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97425" + }, + { + "name": "1038188", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038188" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc1", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc1" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9923.json b/2016/9xxx/CVE-2016-9923.json index e1c0bc58162..51bad595170 100644 --- a/2016/9xxx/CVE-2016-9923.json +++ b/2016/9xxx/CVE-2016-9923.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9923", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Quick Emulator (Qemu) built with the 'chardev' backend support is vulnerable to a use after free issue. It could occur while hotplug and unplugging the device in the guest. A guest user/process could use this flaw to crash a Qemu process on the host resulting in DoS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-9923", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161209 Re: CVE request Qemu: char: use after free issue in char backend", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/12/09/2" - }, - { - "name" : "GLSA-201701-49", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-49" - }, - { - "name" : "94827", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94827" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Quick Emulator (Qemu) built with the 'chardev' backend support is vulnerable to a use after free issue. It could occur while hotplug and unplugging the device in the guest. A guest user/process could use this flaw to crash a Qemu process on the host resulting in DoS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20161209 Re: CVE request Qemu: char: use after free issue in char backend", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/12/09/2" + }, + { + "name": "GLSA-201701-49", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-49" + }, + { + "name": "94827", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94827" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2227.json b/2019/2xxx/CVE-2019-2227.json index 00b5b3609e8..c7e78d2ffa4 100644 --- a/2019/2xxx/CVE-2019-2227.json +++ b/2019/2xxx/CVE-2019-2227.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2227", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2227", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2619.json b/2019/2xxx/CVE-2019-2619.json index 1b5fe4be260..3e0df59120a 100644 --- a/2019/2xxx/CVE-2019-2619.json +++ b/2019/2xxx/CVE-2019-2619.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2619", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2619", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3024.json b/2019/3xxx/CVE-2019-3024.json index ece62e80ebb..b138448e5c3 100644 --- a/2019/3xxx/CVE-2019-3024.json +++ b/2019/3xxx/CVE-2019-3024.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3024", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3024", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3322.json b/2019/3xxx/CVE-2019-3322.json index 96315763dde..a8821f6c88e 100644 --- a/2019/3xxx/CVE-2019-3322.json +++ b/2019/3xxx/CVE-2019-3322.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3322", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3322", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3554.json b/2019/3xxx/CVE-2019-3554.json index e72f9577bad..2849b607be1 100644 --- a/2019/3xxx/CVE-2019-3554.json +++ b/2019/3xxx/CVE-2019-3554.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@fb.com", - "DATE_ASSIGNED" : "2019-01-08", - "ID" : "CVE-2019-3554", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Wangle", - "version" : { - "version_data" : [ - { - "version_affected" : "!=>", - "version_value" : "v2019.01.14.00" - }, - { - "version_affected" : "<", - "version_value" : "v2019.01.14.00" - } - ] - } - } - ] - }, - "vendor_name" : "Facebook" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Wangle's AcceptRoutingHandler incorrectly casts a socket when accepting a TLS 1.3 connection, leading to a potential denial of service attack against systems accepting such connections. This affects versions of Wangle prior to v2019.01.14.00" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service (CWE-400)" - } + "CVE_data_meta": { + "ASSIGNER": "cve-assign@fb.com", + "DATE_ASSIGNED": "2019-01-08", + "ID": "CVE-2019-3554", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Wangle", + "version": { + "version_data": [ + { + "version_affected": "!=>", + "version_value": "v2019.01.14.00" + }, + { + "version_affected": "<", + "version_value": "v2019.01.14.00" + } + ] + } + } + ] + }, + "vendor_name": "Facebook" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/facebook/wangle/commit/3b17ba10a82c71e7808760e027ac6af687e06074", - "refsource" : "MISC", - "url" : "https://github.com/facebook/wangle/commit/3b17ba10a82c71e7808760e027ac6af687e06074" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Wangle's AcceptRoutingHandler incorrectly casts a socket when accepting a TLS 1.3 connection, leading to a potential denial of service attack against systems accepting such connections. This affects versions of Wangle prior to v2019.01.14.00" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service (CWE-400)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/facebook/wangle/commit/3b17ba10a82c71e7808760e027ac6af687e06074", + "refsource": "MISC", + "url": "https://github.com/facebook/wangle/commit/3b17ba10a82c71e7808760e027ac6af687e06074" + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3829.json b/2019/3xxx/CVE-2019-3829.json index 293bec79c66..3442c105de3 100644 --- a/2019/3xxx/CVE-2019-3829.json +++ b/2019/3xxx/CVE-2019-3829.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3829", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3829", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6048.json b/2019/6xxx/CVE-2019-6048.json index c06bbbda3fe..928f1dd4a69 100644 --- a/2019/6xxx/CVE-2019-6048.json +++ b/2019/6xxx/CVE-2019-6048.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6048", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6048", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6111.json b/2019/6xxx/CVE-2019-6111.json index 5ba2dd1ebe6..181db45e270 100644 --- a/2019/6xxx/CVE-2019-6111.json +++ b/2019/6xxx/CVE-2019-6111.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6111", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6111", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "46193", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/46193/" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1677794", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1677794" - }, - { - "name" : "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c", - "refsource" : "MISC", - "url" : "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c" - }, - { - "name" : "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt", - "refsource" : "MISC", - "url" : "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20190213-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20190213-0001/" - }, - { - "name" : "DSA-4387", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2019/dsa-4387" - }, - { - "name" : "USN-3885-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3885-1/" - }, - { - "name" : "USN-3885-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3885-2/" - }, - { - "name" : "106741", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106741" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4387", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2019/dsa-4387" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20190213-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20190213-0001/" + }, + { + "name": "106741", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106741" + }, + { + "name": "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c", + "refsource": "MISC", + "url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c" + }, + { + "name": "USN-3885-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3885-1/" + }, + { + "name": "USN-3885-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3885-2/" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1677794", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677794" + }, + { + "name": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt", + "refsource": "MISC", + "url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt" + }, + { + "name": "46193", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/46193/" + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6719.json b/2019/6xxx/CVE-2019-6719.json index d8a16779fb2..989a4d3a20c 100644 --- a/2019/6xxx/CVE-2019-6719.json +++ b/2019/6xxx/CVE-2019-6719.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6719", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue has been found in libIEC61850 v1.3.1. There is a use-after-free in the getState function in mms/iso_server/iso_server.c, as demonstrated by examples/server_example_goose/server_example_goose.c and examples/server_example_61400_25/server_example_61400_25.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6719", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/mz-automation/libiec61850/issues/111", - "refsource" : "MISC", - "url" : "https://github.com/mz-automation/libiec61850/issues/111" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue has been found in libIEC61850 v1.3.1. There is a use-after-free in the getState function in mms/iso_server/iso_server.c, as demonstrated by examples/server_example_goose/server_example_goose.c and examples/server_example_61400_25/server_example_61400_25.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/mz-automation/libiec61850/issues/111", + "refsource": "MISC", + "url": "https://github.com/mz-automation/libiec61850/issues/111" + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7070.json b/2019/7xxx/CVE-2019-7070.json index db53656ed5b..90398c616e3 100644 --- a/2019/7xxx/CVE-2019-7070.json +++ b/2019/7xxx/CVE-2019-7070.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7070", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7070", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7316.json b/2019/7xxx/CVE-2019-7316.json index 47a6bb1de4f..ea279c91f9a 100644 --- a/2019/7xxx/CVE-2019-7316.json +++ b/2019/7xxx/CVE-2019-7316.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7316", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in CSS-TRICKS Chat2 through 2015-05-05. The userid parameter in jumpin.php has a SQL injection vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7316", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/eddietcc/CVEnotes/tree/master/Chat2", - "refsource" : "MISC", - "url" : "https://github.com/eddietcc/CVEnotes/tree/master/Chat2" - }, - { - "name" : "https://packetstormsecurity.com/files/125780", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/125780" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in CSS-TRICKS Chat2 through 2015-05-05. The userid parameter in jumpin.php has a SQL injection vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/eddietcc/CVEnotes/tree/master/Chat2", + "refsource": "MISC", + "url": "https://github.com/eddietcc/CVEnotes/tree/master/Chat2" + }, + { + "name": "https://packetstormsecurity.com/files/125780", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/125780" + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7751.json b/2019/7xxx/CVE-2019-7751.json index 56f80c4e3b2..3190179ab98 100644 --- a/2019/7xxx/CVE-2019-7751.json +++ b/2019/7xxx/CVE-2019-7751.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7751", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7751", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7781.json b/2019/7xxx/CVE-2019-7781.json index 714e41abb22..896666b1931 100644 --- a/2019/7xxx/CVE-2019-7781.json +++ b/2019/7xxx/CVE-2019-7781.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7781", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7781", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8092.json b/2019/8xxx/CVE-2019-8092.json index 7c62083d779..43d7c4f2129 100644 --- a/2019/8xxx/CVE-2019-8092.json +++ b/2019/8xxx/CVE-2019-8092.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8092", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8092", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8239.json b/2019/8xxx/CVE-2019-8239.json index e48aaa38557..92e91546b48 100644 --- a/2019/8xxx/CVE-2019-8239.json +++ b/2019/8xxx/CVE-2019-8239.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8239", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8239", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8659.json b/2019/8xxx/CVE-2019-8659.json index 282917ef6b5..0e9203ec762 100644 --- a/2019/8xxx/CVE-2019-8659.json +++ b/2019/8xxx/CVE-2019-8659.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8659", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8659", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9268.json b/2019/9xxx/CVE-2019-9268.json index e539ad3f62a..53567643732 100644 --- a/2019/9xxx/CVE-2019-9268.json +++ b/2019/9xxx/CVE-2019-9268.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9268", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9268", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9275.json b/2019/9xxx/CVE-2019-9275.json index 29cc80f68cf..60a6f6e4b0e 100644 --- a/2019/9xxx/CVE-2019-9275.json +++ b/2019/9xxx/CVE-2019-9275.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9275", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9275", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9809.json b/2019/9xxx/CVE-2019-9809.json index 5ea9bf45679..cebacdeffb2 100644 --- a/2019/9xxx/CVE-2019-9809.json +++ b/2019/9xxx/CVE-2019-9809.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9809", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9809", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file