diff --git a/1999/0xxx/CVE-1999-0871.json b/1999/0xxx/CVE-1999-0871.json index 52c5e013a13..8dd0472630a 100644 --- a/1999/0xxx/CVE-1999-0871.json +++ b/1999/0xxx/CVE-1999-0871.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0871", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Internet Explorer 4.0 and 4.01 allow a remote attacker to read files via IE's cross frame security, aka the \"Cross Frame Navigate\" vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0871", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS98-013", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-013" - }, - { - "name" : "7837", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/7837" - }, - { - "name" : "ie-crossframe-file-read(3668)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/3668" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Internet Explorer 4.0 and 4.01 allow a remote attacker to read files via IE's cross frame security, aka the \"Cross Frame Navigate\" vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7837", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/7837" + }, + { + "name": "ie-crossframe-file-read(3668)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/3668" + }, + { + "name": "MS98-013", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-013" + } + ] + } +} \ No newline at end of file diff --git a/1999/0xxx/CVE-1999-0961.json b/1999/0xxx/CVE-1999-0961.json index d3c4052bd76..d80304799e7 100644 --- a/1999/0xxx/CVE-1999-0961.json +++ b/1999/0xxx/CVE-1999-0961.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0961", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HPUX sysdiag allows local users to gain root privileges via a symlink attack during log file creation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0961", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19960921 Vunerability in HP sysdiag ?", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=87602167419906&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HPUX sysdiag allows local users to gain root privileges via a symlink attack during log file creation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19960921 Vunerability in HP sysdiag ?", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=87602167419906&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0324.json b/2007/0xxx/CVE-2007-0324.json index e01f6d26e3b..ef2c8e1d08d 100644 --- a/2007/0xxx/CVE-2007-0324.json +++ b/2007/0xxx/CVE-2007-0324.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0324", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in the LizardTech DjVu Browser Plug-in before 6.1.1 allow remote attackers to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2007-0324", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070215 Lizardtech DjVu Browser Plug-in - Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/460197/100/0/threaded" - }, - { - "name" : "http://www.lizardtech.com/products/doc/djvupluginrelease.php", - "refsource" : "MISC", - "url" : "http://www.lizardtech.com/products/doc/djvupluginrelease.php" - }, - { - "name" : "VU#522393", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/522393" - }, - { - "name" : "22569", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22569" - }, - { - "name" : "ADV-2007-0618", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0618" - }, - { - "name" : "33199", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/33199" - }, - { - "name" : "24149", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24149" - }, - { - "name" : "2259", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2259" - }, - { - "name" : "djvu-browser-multiple-bo(32510)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32510" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in the LizardTech DjVu Browser Plug-in before 6.1.1 allow remote attackers to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2259", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2259" + }, + { + "name": "33199", + "refsource": "OSVDB", + "url": "http://osvdb.org/33199" + }, + { + "name": "djvu-browser-multiple-bo(32510)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32510" + }, + { + "name": "ADV-2007-0618", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0618" + }, + { + "name": "24149", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24149" + }, + { + "name": "22569", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22569" + }, + { + "name": "VU#522393", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/522393" + }, + { + "name": "http://www.lizardtech.com/products/doc/djvupluginrelease.php", + "refsource": "MISC", + "url": "http://www.lizardtech.com/products/doc/djvupluginrelease.php" + }, + { + "name": "20070215 Lizardtech DjVu Browser Plug-in - Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/460197/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0421.json b/2007/0xxx/CVE-2007-0421.json index f754746de59..5a3d2c81387 100644 --- a/2007/0xxx/CVE-2007-0421.json +++ b/2007/0xxx/CVE-2007-0421.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0421", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BEA WebLogic Server 6.1 through 6.1 SP7, and 7.0 through 7.0 SP7 allows remote attackers to cause a denial of service (disk consumption) via requests containing malformed headers, which cause a large amount of data to be written to the server log." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0421", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "BEA07-148.00", - "refsource" : "BEA", - "url" : "http://dev2dev.bea.com/pub/advisory/215" - }, - { - "name" : "22082", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22082" - }, - { - "name" : "ADV-2007-0213", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0213" - }, - { - "name" : "32859", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/32859" - }, - { - "name" : "1017525", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017525" - }, - { - "name" : "23750", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23750" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BEA WebLogic Server 6.1 through 6.1 SP7, and 7.0 through 7.0 SP7 allows remote attackers to cause a denial of service (disk consumption) via requests containing malformed headers, which cause a large amount of data to be written to the server log." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1017525", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017525" + }, + { + "name": "23750", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23750" + }, + { + "name": "22082", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22082" + }, + { + "name": "32859", + "refsource": "OSVDB", + "url": "http://osvdb.org/32859" + }, + { + "name": "BEA07-148.00", + "refsource": "BEA", + "url": "http://dev2dev.bea.com/pub/advisory/215" + }, + { + "name": "ADV-2007-0213", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0213" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0904.json b/2007/0xxx/CVE-2007-0904.json index a8d70dec05b..66a7398901a 100644 --- a/2007/0xxx/CVE-2007-0904.json +++ b/2007/0xxx/CVE-2007-0904.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0904", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in projects.php in LightRO CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0904", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3286", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3286" - }, - { - "name" : "ADV-2007-0540", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0540" - }, - { - "name" : "34598", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34598" - }, - { - "name" : "lightro-index-sql-injection(32347)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32347" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in projects.php in LightRO CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34598", + "refsource": "OSVDB", + "url": "http://osvdb.org/34598" + }, + { + "name": "lightro-index-sql-injection(32347)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32347" + }, + { + "name": "ADV-2007-0540", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0540" + }, + { + "name": "3286", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3286" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1003.json b/2007/1xxx/CVE-2007-1003.json index 66925ce8785..53b9647b70b 100644 --- a/2007/1xxx/CVE-2007-1003.json +++ b/2007/1xxx/CVE-2007-1003.json @@ -1,272 +1,272 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1003", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList function in the XC-MISC extension in the X.Org X11 server (xserver) 7.1-1.1.0, and other versions before 20070403, allows remote authenticated users to execute arbitrary code via a large expression, which results in memory corruption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2007-1003", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070403 Multiple Vendor X Server XC-MISC Extension Memory Corruption Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=503" - }, - { - "name" : "20070404 rPSA-2007-0065-1 freetype xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/464686/100/0/threaded" - }, - { - "name" : "20070405 FLEA-2007-0009-1: xorg-x11 freetype", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/464816/100/0/threaded" - }, - { - "name" : "[xorg-announce] 20070403 various integer overflow vulnerabilites in xserver, libX11 and libXfont", - "refsource" : "MLIST", - "url" : "http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html" - }, - { - "name" : "http://issues.foresightlinux.org/browse/FL-223", - "refsource" : "CONFIRM", - "url" : "http://issues.foresightlinux.org/browse/FL-223" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-1213", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-1213" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm" - }, - { - "name" : "DSA-1294", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1294" - }, - { - "name" : "GLSA-200705-10", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200705-10.xml" - }, - { - "name" : "MDKSA-2007:079", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:079" - }, - { - "name" : "MDKSA-2007:080", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:080" - }, - { - "name" : "[3.9] 021: SECURITY FIX: April 4, 2007", - "refsource" : "OPENBSD", - "url" : "http://www.openbsd.org/errata39.html#021_xorg" - }, - { - "name" : "[4.0] 011: SECURITY FIX: April 4, 2007", - "refsource" : "OPENBSD", - "url" : "http://www.openbsd.org/errata40.html#011_xorg" - }, - { - "name" : "RHSA-2007:0126", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0126.html" - }, - { - "name" : "RHSA-2007:0125", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2007-0125.html" - }, - { - "name" : "RHSA-2007:0127", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0127.html" - }, - { - "name" : "102886", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1" - }, - { - "name" : "SUSE-SA:2007:027", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_27_x.html" - }, - { - "name" : "SUSE-SR:2008:008", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html" - }, - { - "name" : "USN-448-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-448-1" - }, - { - "name" : "23284", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23284" - }, - { - "name" : "23300", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23300" - }, - { - "name" : "oval:org.mitre.oval:def:9798", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9798" - }, - { - "name" : "ADV-2007-1217", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1217" - }, - { - "name" : "ADV-2007-1548", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1548" - }, - { - "name" : "oval:org.mitre.oval:def:1980", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1980" - }, - { - "name" : "1017857", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1017857" - }, - { - "name" : "24741", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24741" - }, - { - "name" : "24756", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24756" - }, - { - "name" : "24770", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24770" - }, - { - "name" : "24745", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24745" - }, - { - "name" : "24758", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24758" - }, - { - "name" : "24765", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24765" - }, - { - "name" : "24771", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24771" - }, - { - "name" : "24772", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24772" - }, - { - "name" : "24791", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24791" - }, - { - "name" : "25004", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25004" - }, - { - "name" : "25006", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25006" - }, - { - "name" : "25195", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25195" - }, - { - "name" : "25216", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25216" - }, - { - "name" : "25305", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25305" - }, - { - "name" : "29622", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29622" - }, - { - "name" : "xorg-xcmisc-overflow(33424)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33424" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList function in the XC-MISC extension in the X.Org X11 server (xserver) 7.1-1.1.0, and other versions before 20070403, allows remote authenticated users to execute arbitrary code via a large expression, which results in memory corruption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070403 Multiple Vendor X Server XC-MISC Extension Memory Corruption Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=503" + }, + { + "name": "23284", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23284" + }, + { + "name": "24745", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24745" + }, + { + "name": "oval:org.mitre.oval:def:1980", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1980" + }, + { + "name": "29622", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29622" + }, + { + "name": "SUSE-SR:2008:008", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html" + }, + { + "name": "24771", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24771" + }, + { + "name": "24770", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24770" + }, + { + "name": "25006", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25006" + }, + { + "name": "24756", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24756" + }, + { + "name": "RHSA-2007:0126", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0126.html" + }, + { + "name": "23300", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23300" + }, + { + "name": "GLSA-200705-10", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200705-10.xml" + }, + { + "name": "USN-448-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-448-1" + }, + { + "name": "MDKSA-2007:080", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:080" + }, + { + "name": "24758", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24758" + }, + { + "name": "1017857", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1017857" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm" + }, + { + "name": "25195", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25195" + }, + { + "name": "RHSA-2007:0125", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2007-0125.html" + }, + { + "name": "24741", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24741" + }, + { + "name": "[xorg-announce] 20070403 various integer overflow vulnerabilites in xserver, libX11 and libXfont", + "refsource": "MLIST", + "url": "http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html" + }, + { + "name": "24791", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24791" + }, + { + "name": "SUSE-SA:2007:027", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_27_x.html" + }, + { + "name": "RHSA-2007:0127", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0127.html" + }, + { + "name": "DSA-1294", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1294" + }, + { + "name": "24765", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24765" + }, + { + "name": "25216", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25216" + }, + { + "name": "20070404 rPSA-2007-0065-1 freetype xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/464686/100/0/threaded" + }, + { + "name": "20070405 FLEA-2007-0009-1: xorg-x11 freetype", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/464816/100/0/threaded" + }, + { + "name": "xorg-xcmisc-overflow(33424)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33424" + }, + { + "name": "ADV-2007-1548", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1548" + }, + { + "name": "102886", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1" + }, + { + "name": "ADV-2007-1217", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1217" + }, + { + "name": "[4.0] 011: SECURITY FIX: April 4, 2007", + "refsource": "OPENBSD", + "url": "http://www.openbsd.org/errata40.html#011_xorg" + }, + { + "name": "https://issues.rpath.com/browse/RPL-1213", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-1213" + }, + { + "name": "25004", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25004" + }, + { + "name": "25305", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25305" + }, + { + "name": "24772", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24772" + }, + { + "name": "[3.9] 021: SECURITY FIX: April 4, 2007", + "refsource": "OPENBSD", + "url": "http://www.openbsd.org/errata39.html#021_xorg" + }, + { + "name": "oval:org.mitre.oval:def:9798", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9798" + }, + { + "name": "http://issues.foresightlinux.org/browse/FL-223", + "refsource": "CONFIRM", + "url": "http://issues.foresightlinux.org/browse/FL-223" + }, + { + "name": "MDKSA-2007:079", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:079" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1268.json b/2007/1xxx/CVE-2007-1268.json index 9e5bb618bf7..6e86e4ac7b8 100644 --- a/2007/1xxx/CVE-2007-1268.json +++ b/2007/1xxx/CVE-2007-1268.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1268", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mutt 1.5.13 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Mutt from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1268", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070305 CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability ", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/461958/100/0/threaded" - }, - { - "name" : "20070305 CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/461958/30/7710/threaded" - }, - { - "name" : "[gnupg-users] 20070306 [Announce] Multiple Messages Problem in GnuPG and GPGME", - "refsource" : "MLIST", - "url" : "http://lists.gnupg.org/pipermail/gnupg-users/2007-March/030514.html" - }, - { - "name" : "http://www.coresecurity.com/?action=item&id=1687", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/?action=item&id=1687" - }, - { - "name" : "22778", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22778" - }, - { - "name" : "ADV-2007-0835", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0835" - }, - { - "name" : "1017727", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1017727" - }, - { - "name" : "24415", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24415" - }, - { - "name" : "2353", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2353" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mutt 1.5.13 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Mutt from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[gnupg-users] 20070306 [Announce] Multiple Messages Problem in GnuPG and GPGME", + "refsource": "MLIST", + "url": "http://lists.gnupg.org/pipermail/gnupg-users/2007-March/030514.html" + }, + { + "name": "24415", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24415" + }, + { + "name": "2353", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2353" + }, + { + "name": "20070305 CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/461958/30/7710/threaded" + }, + { + "name": "http://www.coresecurity.com/?action=item&id=1687", + "refsource": "MISC", + "url": "http://www.coresecurity.com/?action=item&id=1687" + }, + { + "refsource": "BUGTRAQ", + "name": "20070305 CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability", + "url": "http://www.securityfocus.com/archive/1/461958/100/0/threaded" + }, + { + "name": "22778", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22778" + }, + { + "name": "1017727", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1017727" + }, + { + "name": "ADV-2007-0835", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0835" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1292.json b/2007/1xxx/CVE-2007-1292.json index fd52fbe464b..0618430d3b2 100644 --- a/2007/1xxx/CVE-2007-1292.json +++ b/2007/1xxx/CVE-2007-1292.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1292", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in inlinemod.php in Jelsoft vBulletin before 3.5.8, and before 3.6.5 in the 3.6.x series, might allow remote authenticated users to execute arbitrary SQL commands via the postids parameter. NOTE: the vendor states that the attack is feasible only in circumstances \"almost impossible to achieve.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1292", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3387", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3387" - }, - { - "name" : "http://www.vbulletin.com/forum/showthread.php?postid=1314422", - "refsource" : "CONFIRM", - "url" : "http://www.vbulletin.com/forum/showthread.php?postid=1314422" - }, - { - "name" : "22780", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22780" - }, - { - "name" : "33835", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/33835" - }, - { - "name" : "24341", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24341" - }, - { - "name" : "vbulletin-inlinemod-sql-injection(32746)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32746" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in inlinemod.php in Jelsoft vBulletin before 3.5.8, and before 3.6.5 in the 3.6.x series, might allow remote authenticated users to execute arbitrary SQL commands via the postids parameter. NOTE: the vendor states that the attack is feasible only in circumstances \"almost impossible to achieve.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33835", + "refsource": "OSVDB", + "url": "http://osvdb.org/33835" + }, + { + "name": "http://www.vbulletin.com/forum/showthread.php?postid=1314422", + "refsource": "CONFIRM", + "url": "http://www.vbulletin.com/forum/showthread.php?postid=1314422" + }, + { + "name": "24341", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24341" + }, + { + "name": "vbulletin-inlinemod-sql-injection(32746)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32746" + }, + { + "name": "3387", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3387" + }, + { + "name": "22780", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22780" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1521.json b/2007/1xxx/CVE-2007-1521.json index 4fab39cedf7..de4abcf12ac 100644 --- a/2007/1xxx/CVE-2007-1521.json +++ b/2007/1xxx/CVE-2007-1521.json @@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1521", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, allows context-dependent attackers to execute arbitrary code by interrupting the session_regenerate_id function, as demonstrated by calling a userspace error handler or triggering a memory limit violation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1521", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.php-security.org/MOPB/MOPB-22-2007.html", - "refsource" : "MISC", - "url" : "http://www.php-security.org/MOPB/MOPB-22-2007.html" - }, - { - "name" : "http://us2.php.net/releases/4_4_7.php", - "refsource" : "CONFIRM", - "url" : "http://us2.php.net/releases/4_4_7.php" - }, - { - "name" : "http://us2.php.net/releases/5_2_2.php", - "refsource" : "CONFIRM", - "url" : "http://us2.php.net/releases/5_2_2.php" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=306172", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=306172" - }, - { - "name" : "APPLE-SA-2007-07-31", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html" - }, - { - "name" : "DSA-1282", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1282" - }, - { - "name" : "DSA-1283", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1283" - }, - { - "name" : "GLSA-200705-19", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200705-19.xml" - }, - { - "name" : "SUSE-SA:2007:032", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_32_php.html" - }, - { - "name" : "USN-455-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-455-1" - }, - { - "name" : "22968", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22968" - }, - { - "name" : "25159", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25159" - }, - { - "name" : "ADV-2007-0960", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0960" - }, - { - "name" : "ADV-2007-2732", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2732" - }, - { - "name" : "24505", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24505" - }, - { - "name" : "25025", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25025" - }, - { - "name" : "25062", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25062" - }, - { - "name" : "25057", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25057" - }, - { - "name" : "25056", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25056" - }, - { - "name" : "25445", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25445" - }, - { - "name" : "26235", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26235" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, allows context-dependent attackers to execute arbitrary code by interrupting the session_regenerate_id function, as demonstrated by calling a userspace error handler or triggering a memory limit violation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-0960", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0960" + }, + { + "name": "ADV-2007-2732", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2732" + }, + { + "name": "25056", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25056" + }, + { + "name": "DSA-1283", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1283" + }, + { + "name": "24505", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24505" + }, + { + "name": "APPLE-SA-2007-07-31", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html" + }, + { + "name": "GLSA-200705-19", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200705-19.xml" + }, + { + "name": "http://us2.php.net/releases/4_4_7.php", + "refsource": "CONFIRM", + "url": "http://us2.php.net/releases/4_4_7.php" + }, + { + "name": "25062", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25062" + }, + { + "name": "USN-455-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-455-1" + }, + { + "name": "DSA-1282", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1282" + }, + { + "name": "http://us2.php.net/releases/5_2_2.php", + "refsource": "CONFIRM", + "url": "http://us2.php.net/releases/5_2_2.php" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=306172", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=306172" + }, + { + "name": "http://www.php-security.org/MOPB/MOPB-22-2007.html", + "refsource": "MISC", + "url": "http://www.php-security.org/MOPB/MOPB-22-2007.html" + }, + { + "name": "25159", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25159" + }, + { + "name": "25445", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25445" + }, + { + "name": "25057", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25057" + }, + { + "name": "SUSE-SA:2007:032", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_32_php.html" + }, + { + "name": "25025", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25025" + }, + { + "name": "22968", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22968" + }, + { + "name": "26235", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26235" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1651.json b/2007/1xxx/CVE-2007-1651.json index 4e442b8f4da..1a4d0125a8c 100644 --- a/2007/1xxx/CVE-2007-1651.json +++ b/2007/1xxx/CVE-2007-1651.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1651", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in OpenID allows remote attackers to restore the login session of a user on an OpenID enabled site via unspecified vectors related to an arbitrary remote web site and cached tokens, after the user has signed into an OpenID server, logged into the OpenID enabled site, and then logged out of the OpenID enabled site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1651", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[security] 20070321 MyOpenID", - "refsource" : "MLIST", - "url" : "http://openid.net/pipermail/security/2007-March/000286.html" - }, - { - "name" : "[security] 20070321 MyOpenID", - "refsource" : "MLIST", - "url" : "http://openid.net/pipermail/security/2007-March/000288.html" - }, - { - "name" : "[security] 20070321 MyOpenID", - "refsource" : "MLIST", - "url" : "http://openid.net/pipermail/security/2007-March/000291.html" - }, - { - "name" : "[security] 20070321 MyOpenID", - "refsource" : "MLIST", - "url" : "http://openid.net/pipermail/security/2007-March/000306.html" - }, - { - "name" : "[security] 20070322 MyOpenID", - "refsource" : "MLIST", - "url" : "http://openid.net/pipermail/security/2007-March/000311.html" - }, - { - "name" : "http://janrain.com/blog/2007/03/22/myopenid-security-fix/", - "refsource" : "MISC", - "url" : "http://janrain.com/blog/2007/03/22/myopenid-security-fix/" - }, - { - "name" : "43600", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/43600" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in OpenID allows remote attackers to restore the login session of a user on an OpenID enabled site via unspecified vectors related to an arbitrary remote web site and cached tokens, after the user has signed into an OpenID server, logged into the OpenID enabled site, and then logged out of the OpenID enabled site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[security] 20070321 MyOpenID", + "refsource": "MLIST", + "url": "http://openid.net/pipermail/security/2007-March/000286.html" + }, + { + "name": "[security] 20070321 MyOpenID", + "refsource": "MLIST", + "url": "http://openid.net/pipermail/security/2007-March/000288.html" + }, + { + "name": "[security] 20070321 MyOpenID", + "refsource": "MLIST", + "url": "http://openid.net/pipermail/security/2007-March/000306.html" + }, + { + "name": "[security] 20070322 MyOpenID", + "refsource": "MLIST", + "url": "http://openid.net/pipermail/security/2007-March/000311.html" + }, + { + "name": "http://janrain.com/blog/2007/03/22/myopenid-security-fix/", + "refsource": "MISC", + "url": "http://janrain.com/blog/2007/03/22/myopenid-security-fix/" + }, + { + "name": "43600", + "refsource": "OSVDB", + "url": "http://osvdb.org/43600" + }, + { + "name": "[security] 20070321 MyOpenID", + "refsource": "MLIST", + "url": "http://openid.net/pipermail/security/2007-March/000291.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5201.json b/2007/5xxx/CVE-2007-5201.json index 51804dfe621..ad71a33893a 100644 --- a/2007/5xxx/CVE-2007-5201.json +++ b/2007/5xxx/CVE-2007-5201.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5201", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The FTP backend for Duplicity before 0.4.9 sends the password as a command line argument when calling ncftp, which might allow local users to read the password by listing the process and its arguments." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5201", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=442840", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=442840" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=293081", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=293081" - }, - { - "name" : "http://duplicity.nongnu.org/CHANGELOG", - "refsource" : "CONFIRM", - "url" : "http://duplicity.nongnu.org/CHANGELOG" - }, - { - "name" : "FEDORA-2008-1521", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00356.html" - }, - { - "name" : "FEDORA-2008-1584", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00445.html" - }, - { - "name" : "27771", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27771" - }, - { - "name" : "42339", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/42339" - }, - { - "name" : "28917", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28917" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The FTP backend for Duplicity before 0.4.9 sends the password as a command line argument when calling ncftp, which might allow local users to read the password by listing the process and its arguments." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=442840", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=442840" + }, + { + "name": "27771", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27771" + }, + { + "name": "FEDORA-2008-1521", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00356.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=293081", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=293081" + }, + { + "name": "28917", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28917" + }, + { + "name": "http://duplicity.nongnu.org/CHANGELOG", + "refsource": "CONFIRM", + "url": "http://duplicity.nongnu.org/CHANGELOG" + }, + { + "name": "42339", + "refsource": "OSVDB", + "url": "http://osvdb.org/42339" + }, + { + "name": "FEDORA-2008-1584", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00445.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5251.json b/2007/5xxx/CVE-2007-5251.json index 8870c7bacba..4498fd865c3 100644 --- a/2007/5xxx/CVE-2007-5251.json +++ b/2007/5xxx/CVE-2007-5251.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5251", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Helm 3.2.16 allow remote attackers to inject arbitrary web script or HTML via (1) the showOption parameter to domain.asp, or the (2) Folder or (3) StartPath parameter to FileManager.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5251", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels-team.blogspot.com/2007/10/helm-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels-team.blogspot.com/2007/10/helm-xss-vuln.html" - }, - { - "name" : "25940", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25940" - }, - { - "name" : "27080", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27080" - }, - { - "name" : "helm-domain-filemanager-xss(36962)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36962" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Helm 3.2.16 allow remote attackers to inject arbitrary web script or HTML via (1) the showOption parameter to domain.asp, or the (2) Folder or (3) StartPath parameter to FileManager.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pridels-team.blogspot.com/2007/10/helm-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels-team.blogspot.com/2007/10/helm-xss-vuln.html" + }, + { + "name": "25940", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25940" + }, + { + "name": "helm-domain-filemanager-xss(36962)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36962" + }, + { + "name": "27080", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27080" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5488.json b/2007/5xxx/CVE-2007-5488.json index 62965d5d9ea..4a1448248ca 100644 --- a/2007/5xxx/CVE-2007-5488.json +++ b/2007/5xxx/CVE-2007-5488.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5488", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in cdr_addon_mysql in Asterisk-Addons before 1.2.8, and 1.4.x before 1.4.4, allow remote attackers to execute arbitrary SQL commands via the (1) source and (2) destination numbers, and probably (3) SIP URI, when inserting a record." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5488", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071017 AST-2007-023: SQL Injection POC and details", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2007-October/066744.html" - }, - { - "name" : "http://downloads.digium.com/pub/security/AST-2007-023.html", - "refsource" : "CONFIRM", - "url" : "http://downloads.digium.com/pub/security/AST-2007-023.html" - }, - { - "name" : "26095", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26095" - }, - { - "name" : "37880", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37880" - }, - { - "name" : "1018824", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018824" - }, - { - "name" : "27278", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27278" - }, - { - "name" : "asterisk-cdraddonmysql-sql-injection(37235)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/37235" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in cdr_addon_mysql in Asterisk-Addons before 1.2.8, and 1.4.x before 1.4.4, allow remote attackers to execute arbitrary SQL commands via the (1) source and (2) destination numbers, and probably (3) SIP URI, when inserting a record." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37880", + "refsource": "OSVDB", + "url": "http://osvdb.org/37880" + }, + { + "name": "asterisk-cdraddonmysql-sql-injection(37235)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37235" + }, + { + "name": "1018824", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018824" + }, + { + "name": "27278", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27278" + }, + { + "name": "http://downloads.digium.com/pub/security/AST-2007-023.html", + "refsource": "CONFIRM", + "url": "http://downloads.digium.com/pub/security/AST-2007-023.html" + }, + { + "name": "26095", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26095" + }, + { + "name": "20071017 AST-2007-023: SQL Injection POC and details", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-October/066744.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5881.json b/2007/5xxx/CVE-2007-5881.json index eb5206fb2cb..55421836fa5 100644 --- a/2007/5xxx/CVE-2007-5881.json +++ b/2007/5xxx/CVE-2007-5881.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5881", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5881", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5998.json b/2007/5xxx/CVE-2007-5998.json index 9604453a803..f0a5afec65b 100644 --- a/2007/5xxx/CVE-2007-5998.json +++ b/2007/5xxx/CVE-2007-5998.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5998", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in ads.php in Softbiz Ad Management plus Script 1 allows remote authenticated users to execute arbitrary SQL commands via the package parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5998", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4618", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4618" - }, - { - "name" : "26400", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26400" - }, - { - "name" : "softbiz-admanagement-ads-sql-injection(38400)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38400" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in ads.php in Softbiz Ad Management plus Script 1 allows remote authenticated users to execute arbitrary SQL commands via the package parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26400", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26400" + }, + { + "name": "softbiz-admanagement-ads-sql-injection(38400)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38400" + }, + { + "name": "4618", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4618" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3202.json b/2015/3xxx/CVE-2015-3202.json index 8794b950316..0c6c23050f4 100644 --- a/2015/3xxx/CVE-2015-3202.json +++ b/2015/3xxx/CVE-2015-3202.json @@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3202", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount's debugging feature." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-3202", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "37089", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/37089/" - }, - { - "name" : "[oss-security] 20150521 CVE-2015-3202 fuse privilege escalation", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/05/21/9" - }, - { - "name" : "https://gist.github.com/taviso/ecb70eb12d461dd85cba", - "refsource" : "MISC", - "url" : "https://gist.github.com/taviso/ecb70eb12d461dd85cba" - }, - { - "name" : "https://twitter.com/taviso/status/601370527437967360", - "refsource" : "MISC", - "url" : "https://twitter.com/taviso/status/601370527437967360" - }, - { - "name" : "http://packetstormsecurity.com/files/132021/Fuse-Local-Privilege-Escalation.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/132021/Fuse-Local-Privilege-Escalation.html" - }, - { - "name" : "DSA-3266", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3266" - }, - { - "name" : "DSA-3268", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3268" - }, - { - "name" : "FEDORA-2015-8751", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159831.html" - }, - { - "name" : "FEDORA-2015-8756", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159683.html" - }, - { - "name" : "FEDORA-2015-8771", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159543.html" - }, - { - "name" : "FEDORA-2015-8773", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159298.html" - }, - { - "name" : "FEDORA-2015-8777", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160106.html" - }, - { - "name" : "FEDORA-2015-8782", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160094.html" - }, - { - "name" : "GLSA-201603-04", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-04" - }, - { - "name" : "GLSA-201701-19", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-19" - }, - { - "name" : "openSUSE-SU-2015:0997", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-06/msg00005.html" - }, - { - "name" : "openSUSE-SU-2015:1003", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-06/msg00007.html" - }, - { - "name" : "USN-2617-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2617-1" - }, - { - "name" : "USN-2617-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2617-2" - }, - { - "name" : "USN-2617-3", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2617-3" - }, - { - "name" : "74765", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74765" - }, - { - "name" : "1032386", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032386" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount's debugging feature." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3268", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3268" + }, + { + "name": "USN-2617-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2617-1" + }, + { + "name": "FEDORA-2015-8771", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159543.html" + }, + { + "name": "FEDORA-2015-8782", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160094.html" + }, + { + "name": "FEDORA-2015-8751", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159831.html" + }, + { + "name": "1032386", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032386" + }, + { + "name": "https://gist.github.com/taviso/ecb70eb12d461dd85cba", + "refsource": "MISC", + "url": "https://gist.github.com/taviso/ecb70eb12d461dd85cba" + }, + { + "name": "74765", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74765" + }, + { + "name": "FEDORA-2015-8773", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159298.html" + }, + { + "name": "openSUSE-SU-2015:1003", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00007.html" + }, + { + "name": "DSA-3266", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3266" + }, + { + "name": "GLSA-201603-04", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-04" + }, + { + "name": "USN-2617-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2617-2" + }, + { + "name": "FEDORA-2015-8777", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160106.html" + }, + { + "name": "FEDORA-2015-8756", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159683.html" + }, + { + "name": "GLSA-201701-19", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-19" + }, + { + "name": "[oss-security] 20150521 CVE-2015-3202 fuse privilege escalation", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/05/21/9" + }, + { + "name": "openSUSE-SU-2015:0997", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00005.html" + }, + { + "name": "http://packetstormsecurity.com/files/132021/Fuse-Local-Privilege-Escalation.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/132021/Fuse-Local-Privilege-Escalation.html" + }, + { + "name": "https://twitter.com/taviso/status/601370527437967360", + "refsource": "MISC", + "url": "https://twitter.com/taviso/status/601370527437967360" + }, + { + "name": "37089", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/37089/" + }, + { + "name": "USN-2617-3", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2617-3" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3204.json b/2015/3xxx/CVE-2015-3204.json index f41b45de2e7..3381ecf7918 100644 --- a/2015/3xxx/CVE-2015-3204.json +++ b/2015/3xxx/CVE-2015-3204.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3204", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libreswan 3.9 through 3.12 allows remote attackers to cause a denial of service (daemon restart) via an IKEv1 packet with (1) unassigned bits set in the IPSEC DOI value or (2) the next payload value set to ISAKMP_NEXT_SAK." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-3204", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://libreswan.org/security/CVE-2015-3204/CVE-2015-3204.txt", - "refsource" : "CONFIRM", - "url" : "https://libreswan.org/security/CVE-2015-3204/CVE-2015-3204.txt" - }, - { - "name" : "GLSA-201603-13", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-13" - }, - { - "name" : "RHSA-2015:1154", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1154.html" - }, - { - "name" : "75392", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75392" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libreswan 3.9 through 3.12 allows remote attackers to cause a denial of service (daemon restart) via an IKEv1 packet with (1) unassigned bits set in the IPSEC DOI value or (2) the next payload value set to ISAKMP_NEXT_SAK." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://libreswan.org/security/CVE-2015-3204/CVE-2015-3204.txt", + "refsource": "CONFIRM", + "url": "https://libreswan.org/security/CVE-2015-3204/CVE-2015-3204.txt" + }, + { + "name": "RHSA-2015:1154", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1154.html" + }, + { + "name": "GLSA-201603-13", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-13" + }, + { + "name": "75392", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75392" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3233.json b/2015/3xxx/CVE-2015-3233.json index 146c7cc4155..b0773b5a6a0 100644 --- a/2015/3xxx/CVE-2015-3233.json +++ b/2015/3xxx/CVE-2015-3233.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3233", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.38 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-3233", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150704 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-100 to SA-CONTRIB-2015-131)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/07/04/4" - }, - { - "name" : "https://www.drupal.org/node/2507729", - "refsource" : "MISC", - "url" : "https://www.drupal.org/node/2507729" - }, - { - "name" : "https://www.drupal.org/node/2507735", - "refsource" : "MISC", - "url" : "https://www.drupal.org/node/2507735" - }, - { - "name" : "https://www.drupal.org/node/2507741", - "refsource" : "MISC", - "url" : "https://www.drupal.org/node/2507741" - }, - { - "name" : "https://www.drupal.org/SA-CORE-2015-002", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/SA-CORE-2015-002" - }, - { - "name" : "https://www.drupal.org/node/2507535", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2507535" - }, - { - "name" : "https://www.drupal.org/node/2507555", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2507555" - }, - { - "name" : "https://www.drupal.org/node/2507561", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2507561" - }, - { - "name" : "DSA-3291", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3291" - }, - { - "name" : "FEDORA-2015-10189", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161265.html" - }, - { - "name" : "FEDORA-2015-10290", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161261.html" - }, - { - "name" : "75279", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75279" - }, - { - "name" : "75280", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75280" - }, - { - "name" : "75284", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75284" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.38 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2015-10189", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161265.html" + }, + { + "name": "https://www.drupal.org/node/2507741", + "refsource": "MISC", + "url": "https://www.drupal.org/node/2507741" + }, + { + "name": "75284", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75284" + }, + { + "name": "https://www.drupal.org/node/2507735", + "refsource": "MISC", + "url": "https://www.drupal.org/node/2507735" + }, + { + "name": "DSA-3291", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3291" + }, + { + "name": "FEDORA-2015-10290", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161261.html" + }, + { + "name": "75279", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75279" + }, + { + "name": "https://www.drupal.org/SA-CORE-2015-002", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/SA-CORE-2015-002" + }, + { + "name": "https://www.drupal.org/node/2507535", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2507535" + }, + { + "name": "75280", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75280" + }, + { + "name": "https://www.drupal.org/node/2507561", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2507561" + }, + { + "name": "https://www.drupal.org/node/2507555", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2507555" + }, + { + "name": "[oss-security] 20150704 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-100 to SA-CONTRIB-2015-131)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/07/04/4" + }, + { + "name": "https://www.drupal.org/node/2507729", + "refsource": "MISC", + "url": "https://www.drupal.org/node/2507729" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3391.json b/2015/3xxx/CVE-2015-3391.json index 8cacd7bbeb3..547ab6d6506 100644 --- a/2015/3xxx/CVE-2015-3391.json +++ b/2015/3xxx/CVE-2015-3391.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3391", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Path Breadcrumbs module before 7.x-3.2 for Drupal allows remote attackers to bypass intended access restrictions and obtain sensitive node titles by reading a 403 Not Found page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-3391", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150205 CVE requests for Drupal contributed modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/02/05/16" - }, - { - "name" : "https://www.drupal.org/node/2420139", - "refsource" : "MISC", - "url" : "https://www.drupal.org/node/2420139" - }, - { - "name" : "https://www.drupal.org/node/2420121", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2420121" - }, - { - "name" : "72569", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72569" - }, - { - "name" : "pathbreadcrum-drupal-node-sec-bypass(100672)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100672" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Path Breadcrumbs module before 7.x-3.2 for Drupal allows remote attackers to bypass intended access restrictions and obtain sensitive node titles by reading a 403 Not Found page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "72569", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72569" + }, + { + "name": "https://www.drupal.org/node/2420139", + "refsource": "MISC", + "url": "https://www.drupal.org/node/2420139" + }, + { + "name": "pathbreadcrum-drupal-node-sec-bypass(100672)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100672" + }, + { + "name": "[oss-security] 20150205 CVE requests for Drupal contributed modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/02/05/16" + }, + { + "name": "https://www.drupal.org/node/2420121", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2420121" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3544.json b/2015/3xxx/CVE-2015-3544.json index 7b61d4c9a3c..860d60513e8 100644 --- a/2015/3xxx/CVE-2015-3544.json +++ b/2015/3xxx/CVE-2015-3544.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3544", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-3544", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7059.json b/2015/7xxx/CVE-2015-7059.json index 58eed8f5f21..3f3b48a0ff2 100644 --- a/2015/7xxx/CVE-2015-7059.json +++ b/2015/7xxx/CVE-2015-7059.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7059", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ASN.1 decoder in Apple OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate, a different vulnerability than CVE-2015-7060 and CVE-2015-7061." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-7059", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT205637", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205637" - }, - { - "name" : "https://support.apple.com/HT205640", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205640" - }, - { - "name" : "https://support.apple.com/HT205641", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205641" - }, - { - "name" : "APPLE-SA-2015-12-08-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html" - }, - { - "name" : "APPLE-SA-2015-12-08-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html" - }, - { - "name" : "APPLE-SA-2015-12-08-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html" - }, - { - "name" : "1034344", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034344" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ASN.1 decoder in Apple OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate, a different vulnerability than CVE-2015-7060 and CVE-2015-7061." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT205637", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205637" + }, + { + "name": "1034344", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034344" + }, + { + "name": "APPLE-SA-2015-12-08-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html" + }, + { + "name": "APPLE-SA-2015-12-08-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html" + }, + { + "name": "https://support.apple.com/HT205641", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205641" + }, + { + "name": "https://support.apple.com/HT205640", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205640" + }, + { + "name": "APPLE-SA-2015-12-08-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7860.json b/2015/7xxx/CVE-2015-7860.json index 6a24b5a07db..a265a8b2b77 100644 --- a/2015/7xxx/CVE-2015-7860.json +++ b/2015/7xxx/CVE-2015-7860.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7860", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the agent in Persistent Accelerite Radia Client Automation (formerly HP Client Automation), possibly before 9.1, allows remote attackers to execute arbitrary code by sending a large amount of data in an environment that lacks relationship-based firewalling." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-7860", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-15-363/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-15-363/" - }, - { - "name" : "VU#966927", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/966927" - }, - { - "name" : "75966", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75966" - }, - { - "name" : "1033861", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033861" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the agent in Persistent Accelerite Radia Client Automation (formerly HP Client Automation), possibly before 9.1, allows remote attackers to execute arbitrary code by sending a large amount of data in an environment that lacks relationship-based firewalling." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#966927", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/966927" + }, + { + "name": "75966", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75966" + }, + { + "name": "1033861", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033861" + }, + { + "name": "http://zerodayinitiative.com/advisories/ZDI-15-363/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-15-363/" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7904.json b/2015/7xxx/CVE-2015-7904.json index e63e5dc3f28..2b2f4a2efd8 100644 --- a/2015/7xxx/CVE-2015-7904.json +++ b/2015/7xxx/CVE-2015-7904.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7904", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary JSP code via vectors involving an upload of an image file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2015-7904", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-300-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-300-02" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary JSP code via vectors involving an upload of an image file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-300-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-300-02" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7955.json b/2015/7xxx/CVE-2015-7955.json index f553db50228..47f0118465a 100644 --- a/2015/7xxx/CVE-2015-7955.json +++ b/2015/7xxx/CVE-2015-7955.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7955", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-7955", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8114.json b/2015/8xxx/CVE-2015-8114.json index 72796a44fd4..b840785ecfa 100644 --- a/2015/8xxx/CVE-2015-8114.json +++ b/2015/8xxx/CVE-2015-8114.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8114", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-8114", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8176.json b/2015/8xxx/CVE-2015-8176.json index a9cc3e4ce7b..d4ed9235356 100644 --- a/2015/8xxx/CVE-2015-8176.json +++ b/2015/8xxx/CVE-2015-8176.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8176", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-8176. Reason: This candidate is a duplicate of CVE-2014-8176. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2014-8176 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-8176", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-8176. Reason: This candidate is a duplicate of CVE-2014-8176. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2014-8176 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8373.json b/2015/8xxx/CVE-2015-8373.json index e146a338a3b..b131945d2f4 100644 --- a/2015/8xxx/CVE-2015-8373.json +++ b/2015/8xxx/CVE-2015-8373.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8373", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kea-dhcp4 and kea-dhcp6 servers 0.9.2 and 1.0.0-beta in ISC Kea, when certain debugging settings are used, allow remote attackers to cause a denial of service (daemon crash) via a malformed packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8373", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.isc.org/article/AA-01318", - "refsource" : "CONFIRM", - "url" : "https://kb.isc.org/article/AA-01318" - }, - { - "name" : "FEDORA-2015-930b020175", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175218.html" - }, - { - "name" : "FEDORA-2015-aa3a69bdc3", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175337.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kea-dhcp4 and kea-dhcp6 servers 0.9.2 and 1.0.0-beta in ISC Kea, when certain debugging settings are used, allow remote attackers to cause a denial of service (daemon crash) via a malformed packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.isc.org/article/AA-01318", + "refsource": "CONFIRM", + "url": "https://kb.isc.org/article/AA-01318" + }, + { + "name": "FEDORA-2015-aa3a69bdc3", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175337.html" + }, + { + "name": "FEDORA-2015-930b020175", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175218.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8507.json b/2015/8xxx/CVE-2015-8507.json index 50a712adaff..f892fde4f6a 100644 --- a/2015/8xxx/CVE-2015-8507.json +++ b/2015/8xxx/CVE-2015-8507.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8507", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mediaserver in Android 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24157524, a different vulnerability than CVE-2015-6616, CVE-2015-8505, and CVE-2015-8506." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2015-8507", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2015-12-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2015-12-01.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mediaserver in Android 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24157524, a different vulnerability than CVE-2015-6616, CVE-2015-8505, and CVE-2015-8506." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2015-12-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2015-12-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8721.json b/2015/8xxx/CVE-2015-8721.json index 477a7da0a51..c560fa08c23 100644 --- a/2015/8xxx/CVE-2015-8721.json +++ b/2015/8xxx/CVE-2015-8721.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8721", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the tvb_uncompress function in epan/tvbuff_zlib.c in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet with zlib compression." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8721", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2015-40.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2015-40.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11548", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11548" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=cec0593ae6c3bca65eff65741c2a10f3de3e0afe", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=cec0593ae6c3bca65eff65741c2a10f3de3e0afe" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" - }, - { - "name" : "DSA-3505", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3505" - }, - { - "name" : "GLSA-201604-05", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201604-05" - }, - { - "name" : "79814", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/79814" - }, - { - "name" : "1034551", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034551" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the tvb_uncompress function in epan/tvbuff_zlib.c in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet with zlib compression." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.wireshark.org/security/wnpa-sec-2015-40.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2015-40.html" + }, + { + "name": "DSA-3505", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3505" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11548", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11548" + }, + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=cec0593ae6c3bca65eff65741c2a10f3de3e0afe", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=cec0593ae6c3bca65eff65741c2a10f3de3e0afe" + }, + { + "name": "79814", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/79814" + }, + { + "name": "GLSA-201604-05", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201604-05" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" + }, + { + "name": "1034551", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034551" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8820.json b/2015/8xxx/CVE-2015-8820.json index ab5f07a8df6..0083890ad43 100644 --- a/2015/8xxx/CVE-2015-8820.json +++ b/2015/8xxx/CVE-2015-8820.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8820", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, CVE-2015-8455, CVE-2015-8652, CVE-2015-8654, CVE-2015-8656, CVE-2015-8657, and CVE-2015-8658." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-8820", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-661", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-661" - }, - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html" - }, - { - "name" : "84160", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/84160" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, CVE-2015-8455, CVE-2015-8652, CVE-2015-8654, CVE-2015-8656, CVE-2015-8657, and CVE-2015-8658." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-661", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-661" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html" + }, + { + "name": "84160", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/84160" + } + ] + } +} \ No newline at end of file diff --git a/2015/9xxx/CVE-2015-9011.json b/2015/9xxx/CVE-2015-9011.json index 43a9d1ffaf2..d3187947273 100644 --- a/2015/9xxx/CVE-2015-9011.json +++ b/2015/9xxx/CVE-2015-9011.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-06-05T00:00:00", - "ID" : "CVE-2015-9011", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714882." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-06-05T00:00:00", + "ID": "CVE-2015-9011", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-06-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-06-01" - }, - { - "name" : "98874", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98874" - }, - { - "name" : "1038623", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038623" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714882." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-06-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-06-01" + }, + { + "name": "98874", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98874" + }, + { + "name": "1038623", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038623" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0402.json b/2016/0xxx/CVE-2016-0402.json index 63c35c0c362..a4fcda8d229 100644 --- a/2016/0xxx/CVE-2016-0402.json +++ b/2016/0xxx/CVE-2016-0402.json @@ -1,192 +1,192 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0402", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect integrity via unknown vectors related to Networking." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-0402", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" - }, - { - "name" : "DSA-3465", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3465" - }, - { - "name" : "DSA-3458", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3458" - }, - { - "name" : "GLSA-201603-14", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-14" - }, - { - "name" : "GLSA-201610-08", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201610-08" - }, - { - "name" : "RHSA-2016:1430", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1430" - }, - { - "name" : "RHSA-2016:0049", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0049.html" - }, - { - "name" : "RHSA-2016:0050", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0050.html" - }, - { - "name" : "RHSA-2016:0053", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0053.html" - }, - { - "name" : "RHSA-2016:0054", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0054.html" - }, - { - "name" : "RHSA-2016:0055", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0055.html" - }, - { - "name" : "RHSA-2016:0056", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0056.html" - }, - { - "name" : "RHSA-2016:0057", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0057.html" - }, - { - "name" : "RHSA-2016:0067", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0067.html" - }, - { - "name" : "SUSE-SU-2016:0256", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html" - }, - { - "name" : "SUSE-SU-2016:0265", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html" - }, - { - "name" : "SUSE-SU-2016:0269", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html" - }, - { - "name" : "openSUSE-SU-2016:0263", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html" - }, - { - "name" : "openSUSE-SU-2016:0268", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html" - }, - { - "name" : "openSUSE-SU-2016:0270", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html" - }, - { - "name" : "openSUSE-SU-2016:0272", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html" - }, - { - "name" : "openSUSE-SU-2016:0279", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html" - }, - { - "name" : "USN-2884-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2884-1" - }, - { - "name" : "USN-2885-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2885-1" - }, - { - "name" : "81096", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/81096" - }, - { - "name" : "1034715", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034715" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect integrity via unknown vectors related to Networking." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2016:0272", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html" + }, + { + "name": "81096", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/81096" + }, + { + "name": "1034715", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034715" + }, + { + "name": "openSUSE-SU-2016:0279", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html" + }, + { + "name": "GLSA-201610-08", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201610-08" + }, + { + "name": "USN-2884-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2884-1" + }, + { + "name": "DSA-3465", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3465" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" + }, + { + "name": "USN-2885-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2885-1" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" + }, + { + "name": "RHSA-2016:1430", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1430" + }, + { + "name": "RHSA-2016:0049", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0049.html" + }, + { + "name": "openSUSE-SU-2016:0270", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html" + }, + { + "name": "RHSA-2016:0053", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0053.html" + }, + { + "name": "SUSE-SU-2016:0269", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html" + }, + { + "name": "RHSA-2016:0067", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0067.html" + }, + { + "name": "openSUSE-SU-2016:0263", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html" + }, + { + "name": "SUSE-SU-2016:0256", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html" + }, + { + "name": "GLSA-201603-14", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-14" + }, + { + "name": "RHSA-2016:0057", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0057.html" + }, + { + "name": "RHSA-2016:0055", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0055.html" + }, + { + "name": "RHSA-2016:0054", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0054.html" + }, + { + "name": "RHSA-2016:0056", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0056.html" + }, + { + "name": "openSUSE-SU-2016:0268", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html" + }, + { + "name": "RHSA-2016:0050", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0050.html" + }, + { + "name": "DSA-3458", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3458" + }, + { + "name": "SUSE-SU-2016:0265", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0686.json b/2016/0xxx/CVE-2016-0686.json index 87aee300420..6e4ffb1ac41 100644 --- a/2016/0xxx/CVE-2016-0686.json +++ b/2016/0xxx/CVE-2016-0686.json @@ -1,257 +1,257 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0686", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-0686", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20160420-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20160420-0001/" - }, - { - "name" : "DSA-3558", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3558" - }, - { - "name" : "GLSA-201606-18", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201606-18" - }, - { - "name" : "RHSA-2016:0701", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0701.html" - }, - { - "name" : "RHSA-2016:0702", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0702.html" - }, - { - "name" : "RHSA-2016:0708", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0708.html" - }, - { - "name" : "RHSA-2016:0716", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0716.html" - }, - { - "name" : "RHSA-2016:0723", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0723.html" - }, - { - "name" : "RHSA-2016:1430", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1430" - }, - { - "name" : "RHSA-2016:1039", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1039.html" - }, - { - "name" : "RHSA-2016:0650", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0650.html" - }, - { - "name" : "RHSA-2016:0651", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0651.html" - }, - { - "name" : "RHSA-2016:0675", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0675.html" - }, - { - "name" : "RHSA-2016:0676", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0676.html" - }, - { - "name" : "RHSA-2016:0677", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0677.html" - }, - { - "name" : "RHSA-2016:0678", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0678.html" - }, - { - "name" : "RHSA-2016:0679", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0679.html" - }, - { - "name" : "RHSA-2017:1216", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1216" - }, - { - "name" : "SUSE-SU-2016:1299", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html" - }, - { - "name" : "SUSE-SU-2016:1300", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html" - }, - { - "name" : "SUSE-SU-2016:1303", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html" - }, - { - "name" : "SUSE-SU-2016:1378", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html" - }, - { - "name" : "SUSE-SU-2016:1379", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html" - }, - { - "name" : "SUSE-SU-2016:1388", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html" - }, - { - "name" : "SUSE-SU-2016:1458", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html" - }, - { - "name" : "SUSE-SU-2016:1475", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html" - }, - { - "name" : "openSUSE-SU-2016:1222", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.html" - }, - { - "name" : "openSUSE-SU-2016:1230", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00009.html" - }, - { - "name" : "openSUSE-SU-2016:1235", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00012.html" - }, - { - "name" : "SUSE-SU-2016:1248", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00021.html" - }, - { - "name" : "SUSE-SU-2016:1250", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00022.html" - }, - { - "name" : "openSUSE-SU-2016:1262", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00026.html" - }, - { - "name" : "openSUSE-SU-2016:1265", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00027.html" - }, - { - "name" : "USN-2963-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2963-1" - }, - { - "name" : "USN-2964-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2964-1" - }, - { - "name" : "USN-2972-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2972-1" - }, - { - "name" : "86473", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/86473" - }, - { - "name" : "1035596", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035596" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "86473", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/86473" + }, + { + "name": "openSUSE-SU-2016:1222", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.html" + }, + { + "name": "RHSA-2016:0677", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0677.html" + }, + { + "name": "SUSE-SU-2016:1299", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html" + }, + { + "name": "RHSA-2016:1039", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1039.html" + }, + { + "name": "RHSA-2016:0701", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0701.html" + }, + { + "name": "USN-2972-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2972-1" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" + }, + { + "name": "SUSE-SU-2016:1303", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html" + }, + { + "name": "SUSE-SU-2016:1475", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html" + }, + { + "name": "openSUSE-SU-2016:1235", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00012.html" + }, + { + "name": "openSUSE-SU-2016:1262", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00026.html" + }, + { + "name": "SUSE-SU-2016:1300", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html" + }, + { + "name": "RHSA-2016:0676", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0676.html" + }, + { + "name": "RHSA-2016:1430", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1430" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20160420-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20160420-0001/" + }, + { + "name": "RHSA-2016:0708", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0708.html" + }, + { + "name": "RHSA-2016:0723", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0723.html" + }, + { + "name": "RHSA-2016:0651", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0651.html" + }, + { + "name": "SUSE-SU-2016:1378", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html" + }, + { + "name": "SUSE-SU-2016:1248", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00021.html" + }, + { + "name": "SUSE-SU-2016:1379", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html" + }, + { + "name": "USN-2964-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2964-1" + }, + { + "name": "openSUSE-SU-2016:1230", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00009.html" + }, + { + "name": "SUSE-SU-2016:1458", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html" + }, + { + "name": "GLSA-201606-18", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201606-18" + }, + { + "name": "RHSA-2016:0716", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0716.html" + }, + { + "name": "1035596", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035596" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" + }, + { + "name": "openSUSE-SU-2016:1265", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00027.html" + }, + { + "name": "USN-2963-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2963-1" + }, + { + "name": "RHSA-2016:0675", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0675.html" + }, + { + "name": "SUSE-SU-2016:1250", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00022.html" + }, + { + "name": "SUSE-SU-2016:1388", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html" + }, + { + "name": "RHSA-2016:0702", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0702.html" + }, + { + "name": "RHSA-2016:0679", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0679.html" + }, + { + "name": "RHSA-2017:1216", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1216" + }, + { + "name": "DSA-3558", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3558" + }, + { + "name": "RHSA-2016:0678", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0678.html" + }, + { + "name": "RHSA-2016:0650", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0650.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0714.json b/2016/0xxx/CVE-2016-0714.json index 5b588ef3af9..ee736cfaac1 100644 --- a/2016/0xxx/CVE-2016-0714.json +++ b/2016/0xxx/CVE-2016-0714.json @@ -1,272 +1,272 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-0714", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-0714", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160222 [SECURITY] CVE-2016-0714 Apache Tomcat Security Manager Bypass", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2016/Feb/145" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1725263", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1725263" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1725914", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1725914" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1726196", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1726196" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1726203", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1726203" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1726923", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1726923" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1727034", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1727034" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1727166", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1727166" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1727182", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1727182" - }, - { - "name" : "http://tomcat.apache.org/security-6.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-6.html" - }, - { - "name" : "http://tomcat.apache.org/security-7.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-7.html" - }, - { - "name" : "http://tomcat.apache.org/security-8.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-8.html" - }, - { - "name" : "http://tomcat.apache.org/security-9.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-9.html" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" - }, - { - "name" : "https://bto.bluecoat.com/security-advisory/sa118", - "refsource" : "CONFIRM", - "url" : "https://bto.bluecoat.com/security-advisory/sa118" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180531-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180531-0001/" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "DSA-3530", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3530" - }, - { - "name" : "DSA-3609", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3609" - }, - { - "name" : "DSA-3552", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3552" - }, - { - "name" : "GLSA-201705-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201705-09" - }, - { - "name" : "HPSBUX03561", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=145974991225029&w=2" - }, - { - "name" : "RHSA-2016:2045", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2045.html" - }, - { - "name" : "RHSA-2016:1087", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1087" - }, - { - "name" : "RHSA-2016:1088", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1088" - }, - { - "name" : "RHSA-2016:1089", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1089.html" - }, - { - "name" : "RHSA-2016:2599", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2599.html" - }, - { - "name" : "RHSA-2016:2807", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2807.html" - }, - { - "name" : "RHSA-2016:2808", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2808.html" - }, - { - "name" : "SUSE-SU-2016:0769", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html" - }, - { - "name" : "SUSE-SU-2016:0822", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html" - }, - { - "name" : "SUSE-SU-2016:0839", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html" - }, - { - "name" : "openSUSE-SU-2016:0865", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html" - }, - { - "name" : "USN-3024-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3024-1" - }, - { - "name" : "83327", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/83327" - }, - { - "name" : "1035069", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035069" - }, - { - "name" : "1037640", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037640" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "GLSA-201705-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201705-09" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1726196", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1726196" + }, + { + "name": "20160222 [SECURITY] CVE-2016-0714 Apache Tomcat Security Manager Bypass", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2016/Feb/145" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" + }, + { + "name": "openSUSE-SU-2016:0865", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html" + }, + { + "name": "http://tomcat.apache.org/security-9.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-9.html" + }, + { + "name": "USN-3024-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3024-1" + }, + { + "name": "SUSE-SU-2016:0769", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html" + }, + { + "name": "RHSA-2016:2045", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2045.html" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1725263", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1725263" + }, + { + "name": "DSA-3530", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3530" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1726923", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1726923" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1727166", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1727166" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1727034", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1727034" + }, + { + "name": "http://tomcat.apache.org/security-7.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-7.html" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1725914", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1725914" + }, + { + "name": "HPSBUX03561", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=145974991225029&w=2" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" + }, + { + "name": "1037640", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037640" + }, + { + "name": "RHSA-2016:1089", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html" + }, + { + "name": "http://tomcat.apache.org/security-8.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-8.html" + }, + { + "name": "RHSA-2016:1087", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1087" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "1035069", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035069" + }, + { + "name": "https://bto.bluecoat.com/security-advisory/sa118", + "refsource": "CONFIRM", + "url": "https://bto.bluecoat.com/security-advisory/sa118" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442" + }, + { + "name": "RHSA-2016:2807", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2807.html" + }, + { + "name": "RHSA-2016:1088", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1088" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180531-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180531-0001/" + }, + { + "name": "http://tomcat.apache.org/security-6.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-6.html" + }, + { + "name": "RHSA-2016:2808", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2808.html" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1726203", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1726203" + }, + { + "name": "SUSE-SU-2016:0822", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1727182", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1727182" + }, + { + "name": "83327", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/83327" + }, + { + "name": "RHSA-2016:2599", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2599.html" + }, + { + "name": "DSA-3609", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3609" + }, + { + "name": "SUSE-SU-2016:0839", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626" + }, + { + "name": "DSA-3552", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3552" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1417.json b/2016/1xxx/CVE-2016-1417.json index db99aef3795..5e242c9646b 100644 --- a/2016/1xxx/CVE-2016-1417.json +++ b/2016/1xxx/CVE-2016-1417.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1417", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Snort 2.9.7.0-WIN32 allows remote attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse tcapi.dll that is located in the same folder on a remote file share as a pcap file that is being processed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-1417", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20161012 Snort v2.9.7.0-WIN32 DLL Hijack", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/539579/100/0/threaded" - }, - { - "name" : "http://hyp3rlinx.altervista.org/advisories/SNORT-DLL-HIJACK.txt", - "refsource" : "MISC", - "url" : "http://hyp3rlinx.altervista.org/advisories/SNORT-DLL-HIJACK.txt" - }, - { - "name" : "http://packetstormsecurity.com/files/138915/Snort-2.9.7.0-WIN32-DLL-Hijacking.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/138915/Snort-2.9.7.0-WIN32-DLL-Hijacking.html" - }, - { - "name" : "93269", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93269" - }, - { - "name" : "1036936", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036936" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Snort 2.9.7.0-WIN32 allows remote attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse tcapi.dll that is located in the same folder on a remote file share as a pcap file that is being processed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036936", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036936" + }, + { + "name": "http://hyp3rlinx.altervista.org/advisories/SNORT-DLL-HIJACK.txt", + "refsource": "MISC", + "url": "http://hyp3rlinx.altervista.org/advisories/SNORT-DLL-HIJACK.txt" + }, + { + "name": "93269", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93269" + }, + { + "name": "http://packetstormsecurity.com/files/138915/Snort-2.9.7.0-WIN32-DLL-Hijacking.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/138915/Snort-2.9.7.0-WIN32-DLL-Hijacking.html" + }, + { + "name": "20161012 Snort v2.9.7.0-WIN32 DLL Hijack", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/539579/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1553.json b/2016/1xxx/CVE-2016-1553.json index cbf427dfb96..ab42ea0fc69 100644 --- a/2016/1xxx/CVE-2016-1553.json +++ b/2016/1xxx/CVE-2016-1553.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1553", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-1553", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1874.json b/2016/1xxx/CVE-2016-1874.json index 9113931c125..51ddacb7fd2 100644 --- a/2016/1xxx/CVE-2016-1874.json +++ b/2016/1xxx/CVE-2016-1874.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1874", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-1874", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5042.json b/2016/5xxx/CVE-2016-5042.json index 8497fe6166a..d7d8251108d 100644 --- a/2016/5xxx/CVE-2016-5042.json +++ b/2016/5xxx/CVE-2016-5042.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5042", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The dwarf_get_aranges_list function in libdwarf before 20160923 allows remote attackers to cause a denial of service (infinite loop and crash) via a crafted DWARF section." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-5042", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf & dwarfdump", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/05/24/1" - }, - { - "name" : "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf & dwarfdump", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/05/25/1" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1332145", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1332145" - }, - { - "name" : "https://www.prevanders.net/dwarfbug.html", - "refsource" : "CONFIRM", - "url" : "https://www.prevanders.net/dwarfbug.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The dwarf_get_aranges_list function in libdwarf before 20160923 allows remote attackers to cause a denial of service (infinite loop and crash) via a crafted DWARF section." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.prevanders.net/dwarfbug.html", + "refsource": "CONFIRM", + "url": "https://www.prevanders.net/dwarfbug.html" + }, + { + "name": "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf & dwarfdump", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/05/24/1" + }, + { + "name": "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf & dwarfdump", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/05/25/1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1332145", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1332145" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5374.json b/2016/5xxx/CVE-2016-5374.json index 80788137fa7..74ef8ed7d37 100644 --- a/2016/5xxx/CVE-2016-5374.json +++ b/2016/5xxx/CVE-2016-5374.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5374", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NetApp Data ONTAP 9.0 and 9.1 before 9.1P1 allows remote authenticated users that own SMB-hosted data to bypass intended sharing restrictions by leveraging improper handling of the owner_rights ACL entry." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-5374", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.netapp.com/support/s/article/ka51A00000007IBQAY/NTAP-20170228-0002?language=en_US", - "refsource" : "CONFIRM", - "url" : "https://kb.netapp.com/support/s/article/ka51A00000007IBQAY/NTAP-20170228-0002?language=en_US" - }, - { - "name" : "96524", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96524" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NetApp Data ONTAP 9.0 and 9.1 before 9.1P1 allows remote authenticated users that own SMB-hosted data to bypass intended sharing restrictions by leveraging improper handling of the owner_rights ACL entry." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.netapp.com/support/s/article/ka51A00000007IBQAY/NTAP-20170228-0002?language=en_US", + "refsource": "CONFIRM", + "url": "https://kb.netapp.com/support/s/article/ka51A00000007IBQAY/NTAP-20170228-0002?language=en_US" + }, + { + "name": "96524", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96524" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5451.json b/2016/5xxx/CVE-2016-5451.json index 4c52070f9d9..59f18dae968 100644 --- a/2016/5xxx/CVE-2016-5451.json +++ b/2016/5xxx/CVE-2016-5451.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5451", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect confidentiality and integrity via vectors related to EAI, a different vulnerability than CVE-2016-5468." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-5451", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "91787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91787" - }, - { - "name" : "91954", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91954" - }, - { - "name" : "1036400", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036400" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect confidentiality and integrity via vectors related to EAI, a different vulnerability than CVE-2016-5468." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036400", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036400" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "91954", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91954" + }, + { + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5818.json b/2016/5xxx/CVE-2016-5818.json index c0888682d1a..6397f06ab15 100644 --- a/2016/5xxx/CVE-2016-5818.json +++ b/2016/5xxx/CVE-2016-5818.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2016-5818", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Schneider Electric PowerLogic 2.651 and older", - "version" : { - "version_data" : [ - { - "version_value" : "Schneider Electric PowerLogic 2.651 and older" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Schneider Electric PowerLogic PM8ECC device 2.651 and older. Undocumented hard-coded credentials allow access to the device." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Schneider Electric PowerLogic PM8ECC Hard-coded Password Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2016-5818", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Schneider Electric PowerLogic 2.651 and older", + "version": { + "version_data": [ + { + "version_value": "Schneider Electric PowerLogic 2.651 and older" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-292-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-292-01" - }, - { - "name" : "93602", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93602" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Schneider Electric PowerLogic PM8ECC device 2.651 and older. Undocumented hard-coded credentials allow access to the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Schneider Electric PowerLogic PM8ECC Hard-coded Password Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-292-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-292-01" + }, + { + "name": "93602", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93602" + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0001.json b/2019/0xxx/CVE-2019-0001.json index 221b8eb2780..f859e8e1b76 100644 --- a/2019/0xxx/CVE-2019-0001.json +++ b/2019/0xxx/CVE-2019-0001.json @@ -1,161 +1,161 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sirt@juniper.net", - "DATE_PUBLIC" : "2019-01-09T17:00:00.000Z", - "ID" : "CVE-2019-0001", - "STATE" : "PUBLIC", - "TITLE" : "Junos OS: MX Series: uncontrolled recursion and crash in Broadband Edge subscriber management daemon (bbe-smgd)." - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Junos OS", - "version" : { - "version_data" : [ - { - "affected" : "<", - "platform" : "MX Series", - "version_name" : "16.1", - "version_value" : "16.1R7-S1" - }, - { - "affected" : "<", - "platform" : "MX Series", - "version_name" : "16.2", - "version_value" : "16.2R2-S7" - }, - { - "affected" : "<", - "platform" : "MX Series", - "version_name" : "17.1", - "version_value" : "17.1R2-S10, 17.1R3" - }, - { - "affected" : "<", - "platform" : "MX Series", - "version_name" : "17.2", - "version_value" : "17.2R3" - }, - { - "affected" : "<", - "platform" : "MX Series", - "version_name" : "17.3", - "version_value" : "17.3R3-S1" - }, - { - "affected" : "<", - "platform" : "MX Series", - "version_name" : "17.4", - "version_value" : "17.4R2" - }, - { - "affected" : "<", - "platform" : "MX Series", - "version_name" : "18.1", - "version_value" : "18.1R3" - }, - { - "affected" : "<", - "platform" : "MX Series", - "version_name" : "18.2", - "version_value" : "18.2R2" - } - ] - } - } - ] - }, - "vendor_name" : "Juniper Networks" - } - ] - } - }, - "configuration" : [ - { - "lang" : "eng", - "value" : "This issue can only occur on MX Series devices with dynamic vlan configuration." - } - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Receipt of a malformed packet on MX Series devices with dynamic vlan configuration can trigger an uncontrolled recursion loop in the Broadband Edge subscriber management daemon (bbe-smgd), and lead to high CPU usage and a crash of the bbe-smgd service. Repeated receipt of the same packet can result in an extended denial of service condition for the device. Affected releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S1; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3-S1; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2." - } - ] - }, - "exploit" : [ - { - "lang" : "eng", - "value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." - } - ], - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "HIGH", - "baseScore" : 7.5, - "baseSeverity" : "HIGH", - "confidentialityImpact" : "NONE", - "integrityImpact" : "NONE", - "privilegesRequired" : "NONE", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-674: Uncontrolled Recursion" - } + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2019-01-09T17:00:00.000Z", + "ID": "CVE-2019-0001", + "STATE": "PUBLIC", + "TITLE": "Junos OS: MX Series: uncontrolled recursion and crash in Broadband Edge subscriber management daemon (bbe-smgd)." + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "affected": "<", + "platform": "MX Series", + "version_name": "16.1", + "version_value": "16.1R7-S1" + }, + { + "affected": "<", + "platform": "MX Series", + "version_name": "16.2", + "version_value": "16.2R2-S7" + }, + { + "affected": "<", + "platform": "MX Series", + "version_name": "17.1", + "version_value": "17.1R2-S10, 17.1R3" + }, + { + "affected": "<", + "platform": "MX Series", + "version_name": "17.2", + "version_value": "17.2R3" + }, + { + "affected": "<", + "platform": "MX Series", + "version_name": "17.3", + "version_value": "17.3R3-S1" + }, + { + "affected": "<", + "platform": "MX Series", + "version_name": "17.4", + "version_value": "17.4R2" + }, + { + "affected": "<", + "platform": "MX Series", + "version_name": "18.1", + "version_value": "18.1R3" + }, + { + "affected": "<", + "platform": "MX Series", + "version_name": "18.2", + "version_value": "18.2R2" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.juniper.net/JSA10900", - "refsource" : "CONFIRM", - "url" : "https://kb.juniper.net/JSA10900" - }, - { - "name" : "106541", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106541" - } - ] - }, - "solution" : [ - { - "lang" : "eng", - "value" : "The following Junos OS releases have been updated to resolve this specific issue: 16.1R7-S1, 16.2R2-S7, 17.1R2-S10, 17.1R3, 17.2R3, 17.3R3-S1, 17.4R2, 18.1R3, 18.2R2, 18.3R1, and all subsequent releases.\n" - } - ], - "source" : { - "advisory" : "JSA10900", - "defect" : [ - "1356474" - ], - "discovery" : "USER" - }, - "work_around" : [ - { - "lang" : "eng", - "value" : "There are no viable workarounds for this issue." - } - ] -} + } + }, + "configuration": [ + { + "lang": "eng", + "value": "This issue can only occur on MX Series devices with dynamic vlan configuration." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Receipt of a malformed packet on MX Series devices with dynamic vlan configuration can trigger an uncontrolled recursion loop in the Broadband Edge subscriber management daemon (bbe-smgd), and lead to high CPU usage and a crash of the bbe-smgd service. Repeated receipt of the same packet can result in an extended denial of service condition for the device. Affected releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S1; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3-S1; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." + } + ], + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-674: Uncontrolled Recursion" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA10900", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10900" + }, + { + "name": "106541", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106541" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following Junos OS releases have been updated to resolve this specific issue: 16.1R7-S1, 16.2R2-S7, 17.1R2-S10, 17.1R3, 17.2R3, 17.3R3-S1, 17.4R2, 18.1R3, 18.2R2, 18.3R1, and all subsequent releases.\n" + } + ], + "source": { + "advisory": "JSA10900", + "defect": [ + "1356474" + ], + "discovery": "USER" + }, + "work_around": [ + { + "lang": "eng", + "value": "There are no viable workarounds for this issue." + } + ] +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0262.json b/2019/0xxx/CVE-2019-0262.json index ef7861d162f..69902127413 100644 --- a/2019/0xxx/CVE-2019-0262.json +++ b/2019/0xxx/CVE-2019-0262.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cna@sap.com", - "ID" : "CVE-2019-0262", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SAP WebIntelligence BILaunchPad (Enterprise)", - "version" : { - "version_data" : [ - { - "version_name" : "<", - "version_value" : "4.10" - }, - { - "version_name" : "<", - "version_value" : "4.20" - } - ] - } - } - ] - }, - "vendor_name" : "SAP SE" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SAP WebIntelligence BILaunchPad, versions 4.10, 4.20, does not sufficiently encode user-controlled inputs in generated HTML reports, resulting in Cross-Site Scripting (XSS) vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "cna@sap.com", + "ID": "CVE-2019-0262", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SAP WebIntelligence BILaunchPad (Enterprise)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "4.10" + }, + { + "version_name": "<", + "version_value": "4.20" + } + ] + } + } + ] + }, + "vendor_name": "SAP SE" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://launchpad.support.sap.com/#/notes/2696714", - "refsource" : "MISC", - "url" : "https://launchpad.support.sap.com/#/notes/2696714" - }, - { - "name" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943", - "refsource" : "MISC", - "url" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943" - }, - { - "name" : "106998", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106998" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SAP WebIntelligence BILaunchPad, versions 4.10, 4.20, does not sufficiently encode user-controlled inputs in generated HTML reports, resulting in Cross-Site Scripting (XSS) vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943", + "refsource": "MISC", + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943" + }, + { + "name": "106998", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106998" + }, + { + "name": "https://launchpad.support.sap.com/#/notes/2696714", + "refsource": "MISC", + "url": "https://launchpad.support.sap.com/#/notes/2696714" + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0301.json b/2019/0xxx/CVE-2019-0301.json index 9216908aa60..d2d1aab6975 100644 --- a/2019/0xxx/CVE-2019-0301.json +++ b/2019/0xxx/CVE-2019-0301.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0301", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0301", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0945.json b/2019/0xxx/CVE-2019-0945.json index d22034b2a07..a50bf758baa 100644 --- a/2019/0xxx/CVE-2019-0945.json +++ b/2019/0xxx/CVE-2019-0945.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0945", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0945", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1089.json b/2019/1xxx/CVE-2019-1089.json index 2ebbba54064..24cf98b8432 100644 --- a/2019/1xxx/CVE-2019-1089.json +++ b/2019/1xxx/CVE-2019-1089.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1089", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1089", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1136.json b/2019/1xxx/CVE-2019-1136.json index 715f046bb8f..dadd053e5a9 100644 --- a/2019/1xxx/CVE-2019-1136.json +++ b/2019/1xxx/CVE-2019-1136.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1136", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1136", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1254.json b/2019/1xxx/CVE-2019-1254.json index 6ccc0ca9286..65a69bc3545 100644 --- a/2019/1xxx/CVE-2019-1254.json +++ b/2019/1xxx/CVE-2019-1254.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1254", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1254", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1526.json b/2019/1xxx/CVE-2019-1526.json index deeefef79e1..eaa69b7c0f2 100644 --- a/2019/1xxx/CVE-2019-1526.json +++ b/2019/1xxx/CVE-2019-1526.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1526", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1526", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1607.json b/2019/1xxx/CVE-2019-1607.json index 238a1cdcf19..7d0f417a85f 100644 --- a/2019/1xxx/CVE-2019-1607.json +++ b/2019/1xxx/CVE-2019-1607.json @@ -1,100 +1,100 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2019-03-06T16:00:00-0800", - "ID" : "CVE-2019-1607", - "STATE" : "PUBLIC", - "TITLE" : "Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1607)" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Nexus 7000 and 7700 Series Switches", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "6.2(22)" - }, - { - "affected" : "<", - "version_value" : "7.3(3)D1(1)" - }, - { - "affected" : "<", - "version_value" : "8.2(3)" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3)." - } - ] - }, - "exploit" : [ - { - "lang" : "eng", - "value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " - } - ], - "impact" : { - "cvss" : { - "baseScore" : "4.2", - "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L ", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-77" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2019-03-06T16:00:00-0800", + "ID": "CVE-2019-1607", + "STATE": "PUBLIC", + "TITLE": "Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1607)" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Nexus 7000 and 7700 Series Switches", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "6.2(22)" + }, + { + "affected": "<", + "version_value": "7.3(3)D1(1)" + }, + { + "affected": "<", + "version_value": "8.2(3)" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20190306 Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1607)", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1607" - }, - { - "name" : "107393", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/107393" - } - ] - }, - "source" : { - "advisory" : "cisco-sa-20190306-nxos-cmdinj-1607", - "defect" : [ - [ - "CSCvi01416" - ] - ], - "discovery" : "INTERNAL" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3)." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "4.2", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-77" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20190306 Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1607)", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1607" + }, + { + "name": "107393", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/107393" + } + ] + }, + "source": { + "advisory": "cisco-sa-20190306-nxos-cmdinj-1607", + "defect": [ + [ + "CSCvi01416" + ] + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4652.json b/2019/4xxx/CVE-2019-4652.json index 8c128bbdfc0..a159c4ff7d9 100644 --- a/2019/4xxx/CVE-2019-4652.json +++ b/2019/4xxx/CVE-2019-4652.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4652", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4652", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4780.json b/2019/4xxx/CVE-2019-4780.json index 4c3e8d7bb07..d741f912a17 100644 --- a/2019/4xxx/CVE-2019-4780.json +++ b/2019/4xxx/CVE-2019-4780.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4780", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4780", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4967.json b/2019/4xxx/CVE-2019-4967.json index 0255e7069a4..7bae83b5b91 100644 --- a/2019/4xxx/CVE-2019-4967.json +++ b/2019/4xxx/CVE-2019-4967.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4967", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4967", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5369.json b/2019/5xxx/CVE-2019-5369.json index 38eeac4a256..894cca743d7 100644 --- a/2019/5xxx/CVE-2019-5369.json +++ b/2019/5xxx/CVE-2019-5369.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5369", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5369", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5394.json b/2019/5xxx/CVE-2019-5394.json index cb068539de1..1264b2b41be 100644 --- a/2019/5xxx/CVE-2019-5394.json +++ b/2019/5xxx/CVE-2019-5394.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5394", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5394", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5494.json b/2019/5xxx/CVE-2019-5494.json index 40c453ea176..8e09ae17f74 100644 --- a/2019/5xxx/CVE-2019-5494.json +++ b/2019/5xxx/CVE-2019-5494.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5494", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5494", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5536.json b/2019/5xxx/CVE-2019-5536.json index 1fc143e9a6d..7f5ed1fd3ad 100644 --- a/2019/5xxx/CVE-2019-5536.json +++ b/2019/5xxx/CVE-2019-5536.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5536", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5536", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8446.json b/2019/8xxx/CVE-2019-8446.json index ea1aa9c5241..8b1edd8dd94 100644 --- a/2019/8xxx/CVE-2019-8446.json +++ b/2019/8xxx/CVE-2019-8446.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8446", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8446", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8860.json b/2019/8xxx/CVE-2019-8860.json index ccd5e2e705c..44c697bbc81 100644 --- a/2019/8xxx/CVE-2019-8860.json +++ b/2019/8xxx/CVE-2019-8860.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8860", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8860", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9062.json b/2019/9xxx/CVE-2019-9062.json index 51bebda8f4b..1a2c0b3cc0a 100644 --- a/2019/9xxx/CVE-2019-9062.json +++ b/2019/9xxx/CVE-2019-9062.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9062", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP Scripts Mall Online Food Ordering Script 1.0 has Cross-Site Request Forgery (CSRF) in my-account.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9062", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://hackingvila.wordpress.com/2019/02/19/php-scripts-mall-online-food-ordering-script-has-cross-site-request-forgery-csrf-php-script-mall/", - "refsource" : "MISC", - "url" : "https://hackingvila.wordpress.com/2019/02/19/php-scripts-mall-online-food-ordering-script-has-cross-site-request-forgery-csrf-php-script-mall/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP Scripts Mall Online Food Ordering Script 1.0 has Cross-Site Request Forgery (CSRF) in my-account.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://hackingvila.wordpress.com/2019/02/19/php-scripts-mall-online-food-ordering-script-has-cross-site-request-forgery-csrf-php-script-mall/", + "refsource": "MISC", + "url": "https://hackingvila.wordpress.com/2019/02/19/php-scripts-mall-online-food-ordering-script-has-cross-site-request-forgery-csrf-php-script-mall/" + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9091.json b/2019/9xxx/CVE-2019-9091.json index cbc4a6b70ef..ad7cad66181 100644 --- a/2019/9xxx/CVE-2019-9091.json +++ b/2019/9xxx/CVE-2019-9091.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9091", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9091", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9574.json b/2019/9xxx/CVE-2019-9574.json index 8dfd7b0d317..f5d827af30a 100644 --- a/2019/9xxx/CVE-2019-9574.json +++ b/2019/9xxx/CVE-2019-9574.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9574", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The WP Human Resource Management plugin before 2.2.6 for WordPress does not ensure that a leave modification occurs in the context of the Administrator or HR Manager role." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9574", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://wordpress.org/plugins/hrm/#developers", - "refsource" : "MISC", - "url" : "https://wordpress.org/plugins/hrm/#developers" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WP Human Resource Management plugin before 2.2.6 for WordPress does not ensure that a leave modification occurs in the context of the Administrator or HR Manager role." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wordpress.org/plugins/hrm/#developers", + "refsource": "MISC", + "url": "https://wordpress.org/plugins/hrm/#developers" + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9617.json b/2019/9xxx/CVE-2019-9617.json index 61bddaead5c..c9d03ffece1 100644 --- a/2019/9xxx/CVE-2019-9617.json +++ b/2019/9xxx/CVE-2019-9617.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9617", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadFile URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9617", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.seebug.org/vuldb/ssvid-97831", - "refsource" : "MISC", - "url" : "https://www.seebug.org/vuldb/ssvid-97831" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadFile URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.seebug.org/vuldb/ssvid-97831", + "refsource": "MISC", + "url": "https://www.seebug.org/vuldb/ssvid-97831" + } + ] + } +} \ No newline at end of file