From e7b2e2b2791ce39d11c46520d97bf9c081038e64 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 00:24:27 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2007/0xxx/CVE-2007-0042.json | 190 ++++---- 2007/0xxx/CVE-2007-0365.json | 160 +++---- 2007/0xxx/CVE-2007-0599.json | 150 +++---- 2007/0xxx/CVE-2007-0770.json | 200 ++++----- 2007/0xxx/CVE-2007-0876.json | 190 ++++---- 2007/0xxx/CVE-2007-0912.json | 150 +++---- 2007/1xxx/CVE-2007-1351.json | 790 ++++++++++++++++----------------- 2007/1xxx/CVE-2007-1403.json | 140 +++--- 2007/3xxx/CVE-2007-3351.json | 140 +++--- 2007/3xxx/CVE-2007-3442.json | 170 +++---- 2007/3xxx/CVE-2007-3600.json | 150 +++---- 2007/4xxx/CVE-2007-4121.json | 170 +++---- 2007/4xxx/CVE-2007-4296.json | 170 +++---- 2007/4xxx/CVE-2007-4421.json | 220 ++++----- 2007/4xxx/CVE-2007-4442.json | 180 ++++---- 2014/5xxx/CVE-2014-5178.json | 150 +++---- 2014/5xxx/CVE-2014-5188.json | 150 +++---- 2015/2xxx/CVE-2015-2170.json | 160 +++---- 2015/2xxx/CVE-2015-2357.json | 34 +- 2015/2xxx/CVE-2015-2622.json | 130 +++--- 2015/2xxx/CVE-2015-2645.json | 130 +++--- 2015/2xxx/CVE-2015-2820.json | 160 +++---- 2015/2xxx/CVE-2015-2840.json | 160 +++---- 2015/2xxx/CVE-2015-2955.json | 150 +++---- 2015/6xxx/CVE-2015-6314.json | 130 +++--- 2015/6xxx/CVE-2015-6403.json | 140 +++--- 2015/6xxx/CVE-2015-6689.json | 140 +++--- 2015/6xxx/CVE-2015-6909.json | 170 +++---- 2015/7xxx/CVE-2015-7005.json | 140 +++--- 2015/7xxx/CVE-2015-7149.json | 34 +- 2015/7xxx/CVE-2015-7851.json | 34 +- 2016/0xxx/CVE-2016-0073.json | 140 +++--- 2016/0xxx/CVE-2016-0300.json | 130 +++--- 2016/0xxx/CVE-2016-0565.json | 130 +++--- 2016/0xxx/CVE-2016-0609.json | 330 +++++++------- 2016/0xxx/CVE-2016-0844.json | 130 +++--- 2016/10xxx/CVE-2016-10116.json | 140 +++--- 2016/1xxx/CVE-2016-1578.json | 120 ++--- 2016/1xxx/CVE-2016-1682.json | 230 +++++----- 2016/4xxx/CVE-2016-4111.json | 170 +++---- 2016/4xxx/CVE-2016-4253.json | 140 +++--- 2016/4xxx/CVE-2016-4643.json | 140 +++--- 2016/4xxx/CVE-2016-4827.json | 140 +++--- 2016/4xxx/CVE-2016-4949.json | 130 +++--- 2016/4xxx/CVE-2016-4980.json | 34 +- 2016/9xxx/CVE-2016-9423.json | 160 +++---- 2019/2xxx/CVE-2019-2972.json | 34 +- 2019/3xxx/CVE-2019-3110.json | 34 +- 2019/3xxx/CVE-2019-3289.json | 34 +- 2019/3xxx/CVE-2019-3329.json | 34 +- 2019/3xxx/CVE-2019-3360.json | 34 +- 2019/4xxx/CVE-2019-4407.json | 34 +- 2019/6xxx/CVE-2019-6235.json | 260 +++++------ 2019/6xxx/CVE-2019-6401.json | 34 +- 2019/6xxx/CVE-2019-6734.json | 34 +- 2019/6xxx/CVE-2019-6750.json | 34 +- 2019/6xxx/CVE-2019-6824.json | 34 +- 2019/7xxx/CVE-2019-7122.json | 34 +- 2019/7xxx/CVE-2019-7678.json | 130 +++--- 2019/7xxx/CVE-2019-7740.json | 120 ++--- 2019/7xxx/CVE-2019-7884.json | 34 +- 2019/8xxx/CVE-2019-8718.json | 34 +- 2019/8xxx/CVE-2019-8726.json | 34 +- 2019/8xxx/CVE-2019-8940.json | 34 +- 2019/9xxx/CVE-2019-9291.json | 34 +- 2019/9xxx/CVE-2019-9561.json | 34 +- 2019/9xxx/CVE-2019-9600.json | 130 +++--- 2019/9xxx/CVE-2019-9681.json | 34 +- 68 files changed, 4349 insertions(+), 4349 deletions(-) diff --git a/2007/0xxx/CVE-2007-0042.json b/2007/0xxx/CVE-2007-0042.json index 092da60313b..872b15a0812 100644 --- a/2007/0xxx/CVE-2007-0042.json +++ b/2007/0xxx/CVE-2007-0042.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0042", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring of a string, via %00 characters, related to use of %00 as a string terminator within POSIX functions but a data character within .NET strings, aka \"Null Byte Termination Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2007-0042", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://security-assessment.com/files/advisories/2007-07-11_Multiple_.NET_Null_Byte_Injection_Vulnerabilities.pdf", - "refsource" : "MISC", - "url" : "http://security-assessment.com/files/advisories/2007-07-11_Multiple_.NET_Null_Byte_Injection_Vulnerabilities.pdf" - }, - { - "name" : "SSRT071446", - "refsource" : "HP", - "url" : "http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html" - }, - { - "name" : "MS07-040", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-040" - }, - { - "name" : "TA07-191A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-191A.html" - }, - { - "name" : "ADV-2007-2482", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2482" - }, - { - "name" : "oval:org.mitre.oval:def:2070", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2070" - }, - { - "name" : "1018356", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018356" - }, - { - "name" : "26003", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26003" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring of a string, via %00 characters, related to use of %00 as a string terminator within POSIX functions but a data character within .NET strings, aka \"Null Byte Termination Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT071446", + "refsource": "HP", + "url": "http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html" + }, + { + "name": "MS07-040", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-040" + }, + { + "name": "ADV-2007-2482", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2482" + }, + { + "name": "oval:org.mitre.oval:def:2070", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2070" + }, + { + "name": "26003", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26003" + }, + { + "name": "http://security-assessment.com/files/advisories/2007-07-11_Multiple_.NET_Null_Byte_Injection_Vulnerabilities.pdf", + "refsource": "MISC", + "url": "http://security-assessment.com/files/advisories/2007-07-11_Multiple_.NET_Null_Byte_Injection_Vulnerabilities.pdf" + }, + { + "name": "TA07-191A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-191A.html" + }, + { + "name": "1018356", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018356" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0365.json b/2007/0xxx/CVE-2007-0365.json index 3fdf7a3bc9e..d716cb0c861 100644 --- a/2007/0xxx/CVE-2007-0365.json +++ b/2007/0xxx/CVE-2007-0365.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0365", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in All In One Control Panel (AIOCP) 1.3.009 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this is probably a different vulnerability than CVE-2006-5830." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0365", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=478370", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=478370" - }, - { - "name" : "ADV-2007-0189", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0189" - }, - { - "name" : "32808", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/32808" - }, - { - "name" : "23732", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23732" - }, - { - "name" : "aiocp-unspecified-xss(31486)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31486" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in All In One Control Panel (AIOCP) 1.3.009 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this is probably a different vulnerability than CVE-2006-5830." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "aiocp-unspecified-xss(31486)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31486" + }, + { + "name": "23732", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23732" + }, + { + "name": "32808", + "refsource": "OSVDB", + "url": "http://osvdb.org/32808" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=478370", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=478370" + }, + { + "name": "ADV-2007-0189", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0189" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0599.json b/2007/0xxx/CVE-2007-0599.json index 1e1542a340f..ff4bac6815f 100644 --- a/2007/0xxx/CVE-2007-0599.json +++ b/2007/0xxx/CVE-2007-0599.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0599", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Variable overwrite vulnerability in common/config.php in Aztek Forum 4.00 allows remote attackers to overwrite arbitrary program variables and conduct other unauthorized activities, such as copying arbitrary files using index/common_actions.php, via vectors associated with extract operations on the (1) POST, (2) GET, (3) COOKIE, and (4) SERVER superglobal arrays." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0599", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070125 Aztek Forum 4.1 Multiple Vulnerabilities Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/458076/100/0/threaded" - }, - { - "name" : "20070125 Re: Aztek Forum 4.1 Multiple Vulnerabilities Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/458123/100/0/threaded" - }, - { - "name" : "http://acid-root.new.fr/poc/21070125.txt", - "refsource" : "MISC", - "url" : "http://acid-root.new.fr/poc/21070125.txt" - }, - { - "name" : "33596", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/33596" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Variable overwrite vulnerability in common/config.php in Aztek Forum 4.00 allows remote attackers to overwrite arbitrary program variables and conduct other unauthorized activities, such as copying arbitrary files using index/common_actions.php, via vectors associated with extract operations on the (1) POST, (2) GET, (3) COOKIE, and (4) SERVER superglobal arrays." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://acid-root.new.fr/poc/21070125.txt", + "refsource": "MISC", + "url": "http://acid-root.new.fr/poc/21070125.txt" + }, + { + "name": "20070125 Aztek Forum 4.1 Multiple Vulnerabilities Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/458076/100/0/threaded" + }, + { + "name": "33596", + "refsource": "OSVDB", + "url": "http://osvdb.org/33596" + }, + { + "name": "20070125 Re: Aztek Forum 4.1 Multiple Vulnerabilities Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/458123/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0770.json b/2007/0xxx/CVE-2007-0770.json index e3000a0b53f..b77b018df0c 100644 --- a/2007/0xxx/CVE-2007-0770.json +++ b/2007/0xxx/CVE-2007-0770.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0770", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in GraphicsMagick and ImageMagick allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c. NOTE: this issue is due to an incomplete patch for CVE-2006-5456." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0770", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070208 rPSA-2007-0029-1 ImageMagick", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/459507/100/0/threaded" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-1034", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-1034" - }, - { - "name" : "DSA-1260", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1260" - }, - { - "name" : "MDKSA-2007:041", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:041" - }, - { - "name" : "SUSE-SR:2007:003", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_3_sr.html" - }, - { - "name" : "USN-422-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-422-1" - }, - { - "name" : "31911", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31911" - }, - { - "name" : "24167", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24167" - }, - { - "name" : "24196", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24196" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in GraphicsMagick and ImageMagick allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c. NOTE: this issue is due to an incomplete patch for CVE-2006-5456." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24196", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24196" + }, + { + "name": "24167", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24167" + }, + { + "name": "https://issues.rpath.com/browse/RPL-1034", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-1034" + }, + { + "name": "SUSE-SR:2007:003", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_3_sr.html" + }, + { + "name": "USN-422-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-422-1" + }, + { + "name": "20070208 rPSA-2007-0029-1 ImageMagick", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/459507/100/0/threaded" + }, + { + "name": "31911", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31911" + }, + { + "name": "MDKSA-2007:041", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:041" + }, + { + "name": "DSA-1260", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1260" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0876.json b/2007/0xxx/CVE-2007-0876.json index 97631ff35a4..73b158320ba 100644 --- a/2007/0xxx/CVE-2007-0876.json +++ b/2007/0xxx/CVE-2007-0876.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0876", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Quick Digital Image Gallery (Qdig) 1.2.9.3 and devel-20060624 allows remote attackers to inject arbitrary web script or HTML via the Qwd parameter to the top-level URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0876", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070210 [XSS] Qdig - Quick Digital Image Gallery Version 1.2.9.3 and -devel", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/459664/100/0/threaded" - }, - { - "name" : "20070211 Re: [XSS] Qdig - Quick Digital Image Gallery Version 1.2.9.3 and -devel", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/459791/100/0/threaded" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?group_id=69837&release_id=485558", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?group_id=69837&release_id=485558" - }, - { - "name" : "22510", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22510" - }, - { - "name" : "ADV-2007-0555", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0555" - }, - { - "name" : "32194", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/32194" - }, - { - "name" : "24110", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24110" - }, - { - "name" : "qdig-qwd-xss(32421)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32421" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Quick Digital Image Gallery (Qdig) 1.2.9.3 and devel-20060624 allows remote attackers to inject arbitrary web script or HTML via the Qwd parameter to the top-level URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/project/shownotes.php?group_id=69837&release_id=485558", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?group_id=69837&release_id=485558" + }, + { + "name": "24110", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24110" + }, + { + "name": "qdig-qwd-xss(32421)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32421" + }, + { + "name": "20070210 [XSS] Qdig - Quick Digital Image Gallery Version 1.2.9.3 and -devel", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/459664/100/0/threaded" + }, + { + "name": "ADV-2007-0555", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0555" + }, + { + "name": "20070211 Re: [XSS] Qdig - Quick Digital Image Gallery Version 1.2.9.3 and -devel", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/459791/100/0/threaded" + }, + { + "name": "32194", + "refsource": "OSVDB", + "url": "http://osvdb.org/32194" + }, + { + "name": "22510", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22510" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0912.json b/2007/0xxx/CVE-2007-0912.json index 15288a9a070..476ec04ce7d 100644 --- a/2007/0xxx/CVE-2007-0912.json +++ b/2007/0xxx/CVE-2007-0912.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0912", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-Site Request Forgery (CSRF) vulnerability in admin/admin.adm.php in Jportal 2.3.1, and possibly earlier, allows remote attackers to perform privileged actions as administrators by tricking the admin into accessing a URL with modified arguments to admin/admin.adm.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0912", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070211 Jportal 2.3.1 CSRF vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/459827/100/0/threaded" - }, - { - "name" : "33712", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/33712" - }, - { - "name" : "2239", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2239" - }, - { - "name" : "jportal-admin-csrf(32458)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32458" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in admin/admin.adm.php in Jportal 2.3.1, and possibly earlier, allows remote attackers to perform privileged actions as administrators by tricking the admin into accessing a URL with modified arguments to admin/admin.adm.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2239", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2239" + }, + { + "name": "20070211 Jportal 2.3.1 CSRF vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/459827/100/0/threaded" + }, + { + "name": "jportal-admin-csrf(32458)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32458" + }, + { + "name": "33712", + "refsource": "OSVDB", + "url": "http://osvdb.org/33712" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1351.json b/2007/1xxx/CVE-2007-1351.json index 26f271d9106..9632fa68b6d 100644 --- a/2007/1xxx/CVE-2007-1351.json +++ b/2007/1xxx/CVE-2007-1351.json @@ -1,397 +1,397 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1351", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2007-1351", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070403 Multiple Vendor X Server BDF Font Parsing Integer Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=501" - }, - { - "name" : "20070404 rPSA-2007-0065-1 freetype xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/464686/100/0/threaded" - }, - { - "name" : "20070405 FLEA-2007-0009-1: xorg-x11 freetype", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/464816/100/0/threaded" - }, - { - "name" : "[xorg-announce] 20070403 various integer overflow vulnerabilites in xserver, libX11 and libXfont", - "refsource" : "MLIST", - "url" : "http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html" - }, - { - "name" : "http://issues.foresightlinux.org/browse/FL-223", - "refsource" : "CONFIRM", - "url" : "http://issues.foresightlinux.org/browse/FL-223" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=498954", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=498954" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-1213", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-1213" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=498954", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=498954" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-193.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-193.htm" - }, - { - "name" : "http://support.apple.com/kb/HT3438", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3438" - }, - { - "name" : "APPLE-SA-2007-11-14", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html" - }, - { - "name" : "APPLE-SA-2009-02-12", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" - }, - { - "name" : "DSA-1294", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1294" - }, - { - "name" : "DSA-1454", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1454" - }, - { - "name" : "GLSA-200705-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200705-02.xml" - }, - { - "name" : "GLSA-200705-10", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200705-10.xml" - }, - { - "name" : "GLSA-200805-07", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml" - }, - { - "name" : "MDKSA-2007:079", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:079" - }, - { - "name" : "MDKSA-2007:080", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:080" - }, - { - "name" : "MDKSA-2007:081", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:081" - }, - { - "name" : "[3.9] 021: SECURITY FIX: April 4, 2007", - "refsource" : "OPENBSD", - "url" : "http://www.openbsd.org/errata39.html#021_xorg" - }, - { - "name" : "[4.0] 011: SECURITY FIX: April 4, 2007", - "refsource" : "OPENBSD", - "url" : "http://www.openbsd.org/errata40.html#011_xorg" - }, - { - "name" : "RHSA-2007:0126", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0126.html" - }, - { - "name" : "RHSA-2007:0125", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2007-0125.html" - }, - { - "name" : "RHSA-2007:0132", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0132.html" - }, - { - "name" : "RHSA-2007:0150", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0150.html" - }, - { - "name" : "SSA:2007-109-01", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.626733" - }, - { - "name" : "102886", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1" - }, - { - "name" : "SUSE-SR:2007:006", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_6_sr.html" - }, - { - "name" : "SUSE-SA:2007:027", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_27_x.html" - }, - { - "name" : "2007-0013", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2007/0013/" - }, - { - "name" : "USN-448-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-448-1" - }, - { - "name" : "23283", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23283" - }, - { - "name" : "23402", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23402" - }, - { - "name" : "23300", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23300" - }, - { - "name" : "oval:org.mitre.oval:def:11266", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11266" - }, - { - "name" : "ADV-2007-1217", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1217" - }, - { - "name" : "ADV-2007-1264", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1264" - }, - { - "name" : "ADV-2007-1548", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1548" - }, - { - "name" : "oval:org.mitre.oval:def:1810", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1810" - }, - { - "name" : "1017857", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1017857" - }, - { - "name" : "24741", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24741" - }, - { - "name" : "24756", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24756" - }, - { - "name" : "24770", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24770" - }, - { - "name" : "24745", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24745" - }, - { - "name" : "24758", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24758" - }, - { - "name" : "24765", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24765" - }, - { - "name" : "24768", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24768" - }, - { - "name" : "24771", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24771" - }, - { - "name" : "24772", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24772" - }, - { - "name" : "24776", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24776" - }, - { - "name" : "24791", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24791" - }, - { - "name" : "24885", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24885" - }, - { - "name" : "24889", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24889" - }, - { - "name" : "25004", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25004" - }, - { - "name" : "24921", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24921" - }, - { - "name" : "24996", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24996" - }, - { - "name" : "25006", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25006" - }, - { - "name" : "25096", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25096" - }, - { - "name" : "25195", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25195" - }, - { - "name" : "25216", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25216" - }, - { - "name" : "25305", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25305" - }, - { - "name" : "25495", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25495" - }, - { - "name" : "28333", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28333" - }, - { - "name" : "30161", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30161" - }, - { - "name" : "33937", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33937" - }, - { - "name" : "xorg-bdf-font-bo(33417)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33417" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2007:0150", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0150.html" + }, + { + "name": "24745", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24745" + }, + { + "name": "24921", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24921" + }, + { + "name": "oval:org.mitre.oval:def:1810", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1810" + }, + { + "name": "33937", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33937" + }, + { + "name": "2007-0013", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2007/0013/" + }, + { + "name": "24771", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24771" + }, + { + "name": "GLSA-200705-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200705-02.xml" + }, + { + "name": "24889", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24889" + }, + { + "name": "24770", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24770" + }, + { + "name": "25006", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25006" + }, + { + "name": "24756", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24756" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=498954", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=498954" + }, + { + "name": "25495", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25495" + }, + { + "name": "24996", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24996" + }, + { + "name": "23283", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23283" + }, + { + "name": "RHSA-2007:0126", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0126.html" + }, + { + "name": "23300", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23300" + }, + { + "name": "http://support.apple.com/kb/HT3438", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3438" + }, + { + "name": "GLSA-200705-10", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200705-10.xml" + }, + { + "name": "USN-448-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-448-1" + }, + { + "name": "APPLE-SA-2009-02-12", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" + }, + { + "name": "MDKSA-2007:080", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:080" + }, + { + "name": "SSA:2007-109-01", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.626733" + }, + { + "name": "SUSE-SR:2007:006", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_6_sr.html" + }, + { + "name": "MDKSA-2007:081", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:081" + }, + { + "name": "DSA-1454", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1454" + }, + { + "name": "24758", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24758" + }, + { + "name": "ADV-2007-1264", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1264" + }, + { + "name": "1017857", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1017857" + }, + { + "name": "24885", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24885" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm" + }, + { + "name": "25096", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25096" + }, + { + "name": "25195", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25195" + }, + { + "name": "RHSA-2007:0125", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2007-0125.html" + }, + { + "name": "24741", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24741" + }, + { + "name": "APPLE-SA-2007-11-14", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html" + }, + { + "name": "24776", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24776" + }, + { + "name": "28333", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28333" + }, + { + "name": "24768", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24768" + }, + { + "name": "[xorg-announce] 20070403 various integer overflow vulnerabilites in xserver, libX11 and libXfont", + "refsource": "MLIST", + "url": "http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html" + }, + { + "name": "24791", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24791" + }, + { + "name": "SUSE-SA:2007:027", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_27_x.html" + }, + { + "name": "30161", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30161" + }, + { + "name": "GLSA-200805-07", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=498954", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=498954" + }, + { + "name": "DSA-1294", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1294" + }, + { + "name": "24765", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24765" + }, + { + "name": "25216", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25216" + }, + { + "name": "20070403 Multiple Vendor X Server BDF Font Parsing Integer Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=501" + }, + { + "name": "20070404 rPSA-2007-0065-1 freetype xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/464686/100/0/threaded" + }, + { + "name": "20070405 FLEA-2007-0009-1: xorg-x11 freetype", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/464816/100/0/threaded" + }, + { + "name": "ADV-2007-1548", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1548" + }, + { + "name": "xorg-bdf-font-bo(33417)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33417" + }, + { + "name": "102886", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1" + }, + { + "name": "ADV-2007-1217", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1217" + }, + { + "name": "[4.0] 011: SECURITY FIX: April 4, 2007", + "refsource": "OPENBSD", + "url": "http://www.openbsd.org/errata40.html#011_xorg" + }, + { + "name": "https://issues.rpath.com/browse/RPL-1213", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-1213" + }, + { + "name": "23402", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23402" + }, + { + "name": "25004", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25004" + }, + { + "name": "25305", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25305" + }, + { + "name": "oval:org.mitre.oval:def:11266", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11266" + }, + { + "name": "RHSA-2007:0132", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0132.html" + }, + { + "name": "24772", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24772" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-193.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-193.htm" + }, + { + "name": "[3.9] 021: SECURITY FIX: April 4, 2007", + "refsource": "OPENBSD", + "url": "http://www.openbsd.org/errata39.html#021_xorg" + }, + { + "name": "http://issues.foresightlinux.org/browse/FL-223", + "refsource": "CONFIRM", + "url": "http://issues.foresightlinux.org/browse/FL-223" + }, + { + "name": "MDKSA-2007:079", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:079" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1403.json b/2007/1xxx/CVE-2007-1403.json index e6fa54d02c8..5065dc8c119 100644 --- a/2007/1xxx/CVE-2007-1403.json +++ b/2007/1xxx/CVE-2007-1403.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1403", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in an ActiveX control in SwDir.dll 10.1.4.20 in Macromedia Shockwave allow remote attackers to cause a denial of service (Internet Explorer 7 crash) and possibly execute arbitrary code via a long (1) BGCOLOR, (2) SRC, (3) AutoStart, (4) Sound, (5) DrawLogo, or (6) DrawProgress property value, different vectors than CVE-2006-6885." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1403", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3421", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3421" - }, - { - "name" : "22842", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22842" - }, - { - "name" : "36005", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36005" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in an ActiveX control in SwDir.dll 10.1.4.20 in Macromedia Shockwave allow remote attackers to cause a denial of service (Internet Explorer 7 crash) and possibly execute arbitrary code via a long (1) BGCOLOR, (2) SRC, (3) AutoStart, (4) Sound, (5) DrawLogo, or (6) DrawProgress property value, different vectors than CVE-2006-6885." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36005", + "refsource": "OSVDB", + "url": "http://osvdb.org/36005" + }, + { + "name": "22842", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22842" + }, + { + "name": "3421", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3421" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3351.json b/2007/3xxx/CVE-2007-3351.json index 9fa8326dfd9..fc68fe11f63 100644 --- a/2007/3xxx/CVE-2007-3351.json +++ b/2007/3xxx/CVE-2007-3351.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3351", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SJPhone SIP soft phone 1.60.303c, when installed on the Dell Axim X3 running Windows Mobile 2003, allows remote attackers to cause a denial of service (device hang and traffic amplification) via a direct crafted INVITE transaction, which causes the phone to transmit many RTP packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3351", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.sipera.com/index.php?action=resources,threat_advisory&tid=217&", - "refsource" : "MISC", - "url" : "http://www.sipera.com/index.php?action=resources,threat_advisory&tid=217&" - }, - { - "name" : "24549", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24549" - }, - { - "name" : "sjphone-sip-rtp-dos(35078)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35078" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SJPhone SIP soft phone 1.60.303c, when installed on the Dell Axim X3 running Windows Mobile 2003, allows remote attackers to cause a denial of service (device hang and traffic amplification) via a direct crafted INVITE transaction, which causes the phone to transmit many RTP packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.sipera.com/index.php?action=resources,threat_advisory&tid=217&", + "refsource": "MISC", + "url": "http://www.sipera.com/index.php?action=resources,threat_advisory&tid=217&" + }, + { + "name": "sjphone-sip-rtp-dos(35078)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35078" + }, + { + "name": "24549", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24549" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3442.json b/2007/3xxx/CVE-2007-3442.json index 6a33f7e32ba..b95a161220c 100644 --- a/2007/3xxx/CVE-2007-3442.json +++ b/2007/3xxx/CVE-2007-3442.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3442", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability on the Research in Motion BlackBerry 7270 before 4.0 SP1 Bundle 108 allows remote attackers to cause a denial of service (blocked call reception and calling) via format string specifiers in an SIP INVITE message that lacks a host name in the Contact header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3442", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.sipera.com/index.php?action=resources,threat_advisory&tid=208&", - "refsource" : "MISC", - "url" : "http://www.sipera.com/index.php?action=resources,threat_advisory&tid=208&" - }, - { - "name" : "http://www.blackberry.com/btsc/articles/218/KB12707_f.SAL_Public.html", - "refsource" : "CONFIRM", - "url" : "http://www.blackberry.com/btsc/articles/218/KB12707_f.SAL_Public.html" - }, - { - "name" : "VU#619465", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/619465" - }, - { - "name" : "37646", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37646" - }, - { - "name" : "25824", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25824" - }, - { - "name" : "blackberry-sip-dos(35077)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35077" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability on the Research in Motion BlackBerry 7270 before 4.0 SP1 Bundle 108 allows remote attackers to cause a denial of service (blocked call reception and calling) via format string specifiers in an SIP INVITE message that lacks a host name in the Contact header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#619465", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/619465" + }, + { + "name": "http://www.blackberry.com/btsc/articles/218/KB12707_f.SAL_Public.html", + "refsource": "CONFIRM", + "url": "http://www.blackberry.com/btsc/articles/218/KB12707_f.SAL_Public.html" + }, + { + "name": "37646", + "refsource": "OSVDB", + "url": "http://osvdb.org/37646" + }, + { + "name": "25824", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25824" + }, + { + "name": "blackberry-sip-dos(35077)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35077" + }, + { + "name": "http://www.sipera.com/index.php?action=resources,threat_advisory&tid=208&", + "refsource": "MISC", + "url": "http://www.sipera.com/index.php?action=resources,threat_advisory&tid=208&" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3600.json b/2007/3xxx/CVE-2007-3600.json index d8e0b5186a4..a0467934dd9 100644 --- a/2007/3xxx/CVE-2007-3600.json +++ b/2007/3xxx/CVE-2007-3600.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3600", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WordPlugin in the wordintegration component in vtiger CRM before 5.0.3 allows remote authenticated users to bypass field level security permissions and merge arbitrary fields in an Email template, as demonstrated by the fields in the Contact module." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3600", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/10845", - "refsource" : "MISC", - "url" : "http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/10845" - }, - { - "name" : "http://trac.vtiger.com/cgi-bin/trac.cgi/report/9", - "refsource" : "CONFIRM", - "url" : "http://trac.vtiger.com/cgi-bin/trac.cgi/report/9" - }, - { - "name" : "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/3790", - "refsource" : "CONFIRM", - "url" : "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/3790" - }, - { - "name" : "45784", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/45784" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WordPlugin in the wordintegration component in vtiger CRM before 5.0.3 allows remote authenticated users to bypass field level security permissions and merge arbitrary fields in an Email template, as demonstrated by the fields in the Contact module." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/3790", + "refsource": "CONFIRM", + "url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/3790" + }, + { + "name": "45784", + "refsource": "OSVDB", + "url": "http://osvdb.org/45784" + }, + { + "name": "http://trac.vtiger.com/cgi-bin/trac.cgi/report/9", + "refsource": "CONFIRM", + "url": "http://trac.vtiger.com/cgi-bin/trac.cgi/report/9" + }, + { + "name": "http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/10845", + "refsource": "MISC", + "url": "http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/10845" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4121.json b/2007/4xxx/CVE-2007-4121.json index 50b3ed38224..0e422288027 100644 --- a/2007/4xxx/CVE-2007-4121.json +++ b/2007/4xxx/CVE-2007-4121.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4121", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in admin.aspx in E-Commerce Scripts Shopping Cart Script, Multi-Vendor E-Shop Script, and Auction Script allow remote attackers to execute arbitrary SQL commands via the (1) EmailAdd (Username) and (2) Pass (password) parameters. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4121", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070728 E-commerceScripts ALL Apps (Auction Script, Shopping Cart Script and Multi-Vendor E-Shop Script) admin.aspx SQL", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/475062/100/0/threaded" - }, - { - "name" : "http://outlaw.aria-security.info/?p=11", - "refsource" : "MISC", - "url" : "http://outlaw.aria-security.info/?p=11" - }, - { - "name" : "25125", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25125" - }, - { - "name" : "26277", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26277" - }, - { - "name" : "2944", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2944" - }, - { - "name" : "ecommerce-admin-sql-injection(35680)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35680" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in admin.aspx in E-Commerce Scripts Shopping Cart Script, Multi-Vendor E-Shop Script, and Auction Script allow remote attackers to execute arbitrary SQL commands via the (1) EmailAdd (Username) and (2) Pass (password) parameters. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ecommerce-admin-sql-injection(35680)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35680" + }, + { + "name": "http://outlaw.aria-security.info/?p=11", + "refsource": "MISC", + "url": "http://outlaw.aria-security.info/?p=11" + }, + { + "name": "20070728 E-commerceScripts ALL Apps (Auction Script, Shopping Cart Script and Multi-Vendor E-Shop Script) admin.aspx SQL", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/475062/100/0/threaded" + }, + { + "name": "2944", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2944" + }, + { + "name": "25125", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25125" + }, + { + "name": "26277", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26277" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4296.json b/2007/4xxx/CVE-2007-4296.json index 975bce60faa..9259f4c66a5 100644 --- a/2007/4xxx/CVE-2007-4296.json +++ b/2007/4xxx/CVE-2007-4296.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4296", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in assp.pl in Anti-Spam SMTP Proxy Server (ASSP) 1.3.3 has unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4296", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/forum/forum.php?forum_id=722845", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/forum/forum.php?forum_id=722845" - }, - { - "name" : "25249", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25249" - }, - { - "name" : "ADV-2007-2834", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2834" - }, - { - "name" : "39524", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39524" - }, - { - "name" : "26316", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26316" - }, - { - "name" : "assp-assp-unspecified(35910)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35910" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in assp.pl in Anti-Spam SMTP Proxy Server (ASSP) 1.3.3 has unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/forum/forum.php?forum_id=722845", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/forum/forum.php?forum_id=722845" + }, + { + "name": "assp-assp-unspecified(35910)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35910" + }, + { + "name": "39524", + "refsource": "OSVDB", + "url": "http://osvdb.org/39524" + }, + { + "name": "ADV-2007-2834", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2834" + }, + { + "name": "26316", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26316" + }, + { + "name": "25249", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25249" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4421.json b/2007/4xxx/CVE-2007-4421.json index 9ae9197515c..02cbc27109c 100644 --- a/2007/4xxx/CVE-2007-4421.json +++ b/2007/4xxx/CVE-2007-4421.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4421", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Admin.php in Olate Download (od) 3.4.1 allows remote attackers to execute arbitrary SQL commands via an OD3_AutoLogin cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4421", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070816 Olate Download 3.4.1 ~ admin.php ~ Admin authentication bypassing", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/476760/100/0/threaded" - }, - { - "name" : "20070821 Re: Olate Download 3.4.1 ~ admin.php ~ Admin authentication bypassing", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/477223/100/0/threaded" - }, - { - "name" : "http://myimei.com/security/2007-08-16/olate-download-341adminphpauthentication-bypassing.html", - "refsource" : "MISC", - "url" : "http://myimei.com/security/2007-08-16/olate-download-341adminphpauthentication-bypassing.html" - }, - { - "name" : "http://sourceforge.net/forum/forum.php?forum_id=727807", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/forum/forum.php?forum_id=727807" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=533628&group_id=188052", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=533628&group_id=188052" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?group_id=188052&release_id=533628", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?group_id=188052&release_id=533628" - }, - { - "name" : "25384", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25384" - }, - { - "name" : "39712", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39712" - }, - { - "name" : "26533", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26533" - }, - { - "name" : "3028", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3028" - }, - { - "name" : "olatedownload-cookie-sql-injection(36089)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36089" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Admin.php in Olate Download (od) 3.4.1 allows remote attackers to execute arbitrary SQL commands via an OD3_AutoLogin cookie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/project/shownotes.php?group_id=188052&release_id=533628", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?group_id=188052&release_id=533628" + }, + { + "name": "25384", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25384" + }, + { + "name": "http://sourceforge.net/forum/forum.php?forum_id=727807", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/forum/forum.php?forum_id=727807" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=533628&group_id=188052", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=533628&group_id=188052" + }, + { + "name": "26533", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26533" + }, + { + "name": "http://myimei.com/security/2007-08-16/olate-download-341adminphpauthentication-bypassing.html", + "refsource": "MISC", + "url": "http://myimei.com/security/2007-08-16/olate-download-341adminphpauthentication-bypassing.html" + }, + { + "name": "olatedownload-cookie-sql-injection(36089)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36089" + }, + { + "name": "20070821 Re: Olate Download 3.4.1 ~ admin.php ~ Admin authentication bypassing", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/477223/100/0/threaded" + }, + { + "name": "39712", + "refsource": "OSVDB", + "url": "http://osvdb.org/39712" + }, + { + "name": "20070816 Olate Download 3.4.1 ~ admin.php ~ Admin authentication bypassing", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/476760/100/0/threaded" + }, + { + "name": "3028", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3028" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4442.json b/2007/4xxx/CVE-2007-4442.json index 7a5228e6044..479d80d12bb 100644 --- a/2007/4xxx/CVE-2007-4442.json +++ b/2007/4xxx/CVE-2007-4442.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4442", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the logging function in the Unreal engine, possibly 2003 and 2004, as used in the internal web server, allows remote attackers to cause a denial of service (application crash) via a request for a long .gif filename in the images/ directory, related to conversion from Unicode to ASCII." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4442", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070818 Unexploitable buffer-overflow in the logging function of the Unreal engine", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/477026/100/0/threaded" - }, - { - "name" : "http://aluigi.org/adv/unrwebdos-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.org/adv/unrwebdos-adv.txt" - }, - { - "name" : "http://aluigi.org/poc/unrwebdos.zip", - "refsource" : "MISC", - "url" : "http://aluigi.org/poc/unrwebdos.zip" - }, - { - "name" : "25374", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25374" - }, - { - "name" : "26506", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26506" - }, - { - "name" : "3039", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3039" - }, - { - "name" : "unreal-logging-bo(36102)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36102" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the logging function in the Unreal engine, possibly 2003 and 2004, as used in the internal web server, allows remote attackers to cause a denial of service (application crash) via a request for a long .gif filename in the images/ directory, related to conversion from Unicode to ASCII." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "unreal-logging-bo(36102)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36102" + }, + { + "name": "20070818 Unexploitable buffer-overflow in the logging function of the Unreal engine", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/477026/100/0/threaded" + }, + { + "name": "26506", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26506" + }, + { + "name": "3039", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3039" + }, + { + "name": "25374", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25374" + }, + { + "name": "http://aluigi.org/poc/unrwebdos.zip", + "refsource": "MISC", + "url": "http://aluigi.org/poc/unrwebdos.zip" + }, + { + "name": "http://aluigi.org/adv/unrwebdos-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.org/adv/unrwebdos-adv.txt" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5178.json b/2014/5xxx/CVE-2014-5178.json index 796b23e347c..ee218e51ac2 100644 --- a/2014/5xxx/CVE-2014-5178.json +++ b/2014/5xxx/CVE-2014-5178.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5178", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Easy File Sharing (EFS) Web Server 6.8 allow remote authenticated users to inject arbitrary web script or HTML via the content parameter when (1) creating a topic or (2) posting an answer. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5178", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140725 Easy file sharing web server - persist XSS in forum msgs", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/532897/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/127622/Easy-File-Sharing-Persistent-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/127622/Easy-File-Sharing-Persistent-Cross-Site-Scripting.html" - }, - { - "name" : "60524", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60524" - }, - { - "name" : "easyfilesharing-webserver-xss(94887)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94887" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Easy File Sharing (EFS) Web Server 6.8 allow remote authenticated users to inject arbitrary web script or HTML via the content parameter when (1) creating a topic or (2) posting an answer. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/127622/Easy-File-Sharing-Persistent-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127622/Easy-File-Sharing-Persistent-Cross-Site-Scripting.html" + }, + { + "name": "60524", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60524" + }, + { + "name": "easyfilesharing-webserver-xss(94887)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94887" + }, + { + "name": "20140725 Easy file sharing web server - persist XSS in forum msgs", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/532897/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5188.json b/2014/5xxx/CVE-2014-5188.json index 904c6373f67..3ed828c2f0f 100644 --- a/2014/5xxx/CVE-2014-5188.json +++ b/2014/5xxx/CVE-2014-5188.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5188", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in doemailpassword.tml in Lyris ListManager (LM) 8.95a allows remote attackers to inject arbitrary web script or HTML via the EmailAddr parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5188", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/127672/Lyris-ListManagerWeb-8.95a-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/127672/Lyris-ListManagerWeb-8.95a-Cross-Site-Scripting.html" - }, - { - "name" : "http://xerosecurity.com/?p=94", - "refsource" : "MISC", - "url" : "http://xerosecurity.com/?p=94" - }, - { - "name" : "68973", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68973" - }, - { - "name" : "listmanager-doemailpassword-xss(95024)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95024" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in doemailpassword.tml in Lyris ListManager (LM) 8.95a allows remote attackers to inject arbitrary web script or HTML via the EmailAddr parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/127672/Lyris-ListManagerWeb-8.95a-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127672/Lyris-ListManagerWeb-8.95a-Cross-Site-Scripting.html" + }, + { + "name": "http://xerosecurity.com/?p=94", + "refsource": "MISC", + "url": "http://xerosecurity.com/?p=94" + }, + { + "name": "68973", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68973" + }, + { + "name": "listmanager-doemailpassword-xss(95024)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95024" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2170.json b/2015/2xxx/CVE-2015-2170.json index e1e901b9413..0b09455f69e 100644 --- a/2015/2xxx/CVE-2015-2170.json +++ b/2015/2xxx/CVE-2015-2170.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2170", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2170", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.clamav.net/2015/04/clamav-0987-has-been-released.html", - "refsource" : "CONFIRM", - "url" : "http://blog.clamav.net/2015/04/clamav-0987-has-been-released.html" - }, - { - "name" : "GLSA-201512-08", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201512-08" - }, - { - "name" : "openSUSE-SU-2015:0906", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-05/msg00024.html" - }, - { - "name" : "USN-2594-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-2594-1" - }, - { - "name" : "74443", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74443" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2594-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-2594-1" + }, + { + "name": "GLSA-201512-08", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201512-08" + }, + { + "name": "http://blog.clamav.net/2015/04/clamav-0987-has-been-released.html", + "refsource": "CONFIRM", + "url": "http://blog.clamav.net/2015/04/clamav-0987-has-been-released.html" + }, + { + "name": "74443", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74443" + }, + { + "name": "openSUSE-SU-2015:0906", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00024.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2357.json b/2015/2xxx/CVE-2015-2357.json index 2593662faf5..8ba21233baa 100644 --- a/2015/2xxx/CVE-2015-2357.json +++ b/2015/2xxx/CVE-2015-2357.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2357", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2357", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2622.json b/2015/2xxx/CVE-2015-2622.json index ce00155c121..d6d7c2871c7 100644 --- a/2015/2xxx/CVE-2015-2622.json +++ b/2015/2xxx/CVE-2015-2622.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2622", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 allows remote attackers to affect integrity via unknown vectors related to Fluid Core." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-2622", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" - }, - { - "name" : "1032917", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032917" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 allows remote attackers to affect integrity via unknown vectors related to Fluid Core." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" + }, + { + "name": "1032917", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032917" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2645.json b/2015/2xxx/CVE-2015-2645.json index c9a98822a90..886c4d75a77 100644 --- a/2015/2xxx/CVE-2015-2645.json +++ b/2015/2xxx/CVE-2015-2645.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2645", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Web Applications Desktop Integrator component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote authenticated users to affect integrity via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-2645", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" - }, - { - "name" : "1032926", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032926" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Web Applications Desktop Integrator component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote authenticated users to affect integrity via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" + }, + { + "name": "1032926", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032926" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2820.json b/2015/2xxx/CVE-2015-2820.json index 465b78c0c66..47d3c2bd7b3 100644 --- a/2015/2xxx/CVE-2015-2820.json +++ b/2015/2xxx/CVE-2015-2820.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2820", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in XcListener in SAP Afaria 7.0.6001.5 allows remote attackers to cause a denial of service (process termination) via a crafted request, aka SAP Security Note 2132584." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2820", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150625 [ERPSCAN-15-008] SAP Afaria 7 XcListener - DoS in the module XeClient.Dll", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/535832/100/800/threaded" - }, - { - "name" : "20150623 ERPSCAN Research Advisory [ERPSCAN-15-008] SAP Afaria 7 XcListener - DoS in the module XeClient.Dll", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Jun/66" - }, - { - "name" : "https://erpscan.io/advisories/erpscan-15-008-sap-afaria-7-xclistener-buffer-overflow/", - "refsource" : "MISC", - "url" : "https://erpscan.io/advisories/erpscan-15-008-sap-afaria-7-xclistener-buffer-overflow/" - }, - { - "name" : "http://packetstormsecurity.com/files/132362/SAP-Afaria-7-Denial-Of-Service.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/132362/SAP-Afaria-7-Denial-Of-Service.html" - }, - { - "name" : "73898", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73898" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in XcListener in SAP Afaria 7.0.6001.5 allows remote attackers to cause a denial of service (process termination) via a crafted request, aka SAP Security Note 2132584." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/132362/SAP-Afaria-7-Denial-Of-Service.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/132362/SAP-Afaria-7-Denial-Of-Service.html" + }, + { + "name": "20150625 [ERPSCAN-15-008] SAP Afaria 7 XcListener - DoS in the module XeClient.Dll", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/535832/100/800/threaded" + }, + { + "name": "20150623 ERPSCAN Research Advisory [ERPSCAN-15-008] SAP Afaria 7 XcListener - DoS in the module XeClient.Dll", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Jun/66" + }, + { + "name": "https://erpscan.io/advisories/erpscan-15-008-sap-afaria-7-xclistener-buffer-overflow/", + "refsource": "MISC", + "url": "https://erpscan.io/advisories/erpscan-15-008-sap-afaria-7-xclistener-buffer-overflow/" + }, + { + "name": "73898", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73898" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2840.json b/2015/2xxx/CVE-2015-2840.json index d6a63fcb6d8..b06eada936a 100644 --- a/2015/2xxx/CVE-2015-2840.json +++ b/2015/2xxx/CVE-2015-2840.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2840", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in help/rt/large_search.html in Citrix NetScaler before 10.5 build 52.3nc allows remote attackers to inject arbitrary web script or HTML via the searchQuery parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2840", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150319 Citrix NetScaler VPX help pages are vulnerable to Cross-Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534934/100/0/threaded" - }, - { - "name" : "20150319 Citrix NetScaler VPX help pages are vulnerable to Cross-Site Scripting", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Mar/130" - }, - { - "name" : "http://packetstormsecurity.com/files/130936/Citrix-NetScaler-VPX-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/130936/Citrix-NetScaler-VPX-Cross-Site-Scripting.html" - }, - { - "name" : "https://www.securify.nl/advisory/SFY20140807/citrix_netscaler_vpx_help_pages_are_vulnerable_to_cross_site_scripting.html", - "refsource" : "MISC", - "url" : "https://www.securify.nl/advisory/SFY20140807/citrix_netscaler_vpx_help_pages_are_vulnerable_to_cross_site_scripting.html" - }, - { - "name" : "73342", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73342" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in help/rt/large_search.html in Citrix NetScaler before 10.5 build 52.3nc allows remote attackers to inject arbitrary web script or HTML via the searchQuery parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/130936/Citrix-NetScaler-VPX-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/130936/Citrix-NetScaler-VPX-Cross-Site-Scripting.html" + }, + { + "name": "https://www.securify.nl/advisory/SFY20140807/citrix_netscaler_vpx_help_pages_are_vulnerable_to_cross_site_scripting.html", + "refsource": "MISC", + "url": "https://www.securify.nl/advisory/SFY20140807/citrix_netscaler_vpx_help_pages_are_vulnerable_to_cross_site_scripting.html" + }, + { + "name": "73342", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73342" + }, + { + "name": "20150319 Citrix NetScaler VPX help pages are vulnerable to Cross-Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534934/100/0/threaded" + }, + { + "name": "20150319 Citrix NetScaler VPX help pages are vulnerable to Cross-Site Scripting", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Mar/130" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2955.json b/2015/2xxx/CVE-2015-2955.json index 0e13cc6166a..6ba26190a55 100644 --- a/2015/2xxx/CVE-2015-2955.json +++ b/2015/2xxx/CVE-2015-2955.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2955", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2015-2955", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://jvn.jp/en/jp/JVN05559185/995646/index.html", - "refsource" : "CONFIRM", - "url" : "http://jvn.jp/en/jp/JVN05559185/995646/index.html" - }, - { - "name" : "JVN#05559185", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN05559185/index.html" - }, - { - "name" : "JVNDB-2015-000080", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000080" - }, - { - "name" : "75074", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75074" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://jvn.jp/en/jp/JVN05559185/995646/index.html", + "refsource": "CONFIRM", + "url": "http://jvn.jp/en/jp/JVN05559185/995646/index.html" + }, + { + "name": "JVNDB-2015-000080", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000080" + }, + { + "name": "JVN#05559185", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN05559185/index.html" + }, + { + "name": "75074", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75074" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6314.json b/2015/6xxx/CVE-2015-6314.json index aede16e5b21..449eb8150d2 100644 --- a/2015/6xxx/CVE-2015-6314.json +++ b/2015/6xxx/CVE-2015-6314.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6314", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Wireless LAN Controller (WLC) devices with software 7.6.x, 8.0 before 8.0.121.0, and 8.1 before 8.1.131.0 allow remote attackers to change configuration settings via unspecified vectors, aka Bug ID CSCuw06153." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-6314", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160113 Cisco Wireless LAN Controller Unauthorized Access Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-wlc" - }, - { - "name" : "1034665", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034665" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Wireless LAN Controller (WLC) devices with software 7.6.x, 8.0 before 8.0.121.0, and 8.1 before 8.1.131.0 allow remote attackers to change configuration settings via unspecified vectors, aka Bug ID CSCuw06153." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20160113 Cisco Wireless LAN Controller Unauthorized Access Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-wlc" + }, + { + "name": "1034665", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034665" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6403.json b/2015/6xxx/CVE-2015-6403.json index 2d39e3ca171..9be51930b9d 100644 --- a/2015/6xxx/CVE-2015-6403.json +++ b/2015/6xxx/CVE-2015-6403.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6403", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The TFTP implementation on Cisco Small Business SPA30x, SPA50x, SPA51x phones 7.5.7 improperly validates firmware-image file integrity, which allows local users to load a Trojan horse image by leveraging shell access, aka Bug ID CSCut67400." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-6403", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20151209 Multiple Cisco IP Phones Firmware Image Upload Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-ipp" - }, - { - "name" : "78739", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/78739" - }, - { - "name" : "1034376", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034376" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The TFTP implementation on Cisco Small Business SPA30x, SPA50x, SPA51x phones 7.5.7 improperly validates firmware-image file integrity, which allows local users to load a Trojan horse image by leveraging shell access, aka Bug ID CSCut67400." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1034376", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034376" + }, + { + "name": "78739", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/78739" + }, + { + "name": "20151209 Multiple Cisco IP Phones Firmware Image Upload Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-ipp" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6689.json b/2015/6xxx/CVE-2015-6689.json index 3df20210ee3..a474dbb3648 100644 --- a/2015/6xxx/CVE-2015-6689.json +++ b/2015/6xxx/CVE-2015-6689.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6689", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to execute arbitrary code via a crafted WillSave document action, a different vulnerability than CVE-2015-5586, CVE-2015-6683, CVE-2015-6684, CVE-2015-6687, CVE-2015-6688, CVE-2015-6690, CVE-2015-6691, CVE-2015-7615, CVE-2015-7617, and CVE-2015-7621." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-6689", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-470", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-470" - }, - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb15-24.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb15-24.html" - }, - { - "name" : "1033796", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033796" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to execute arbitrary code via a crafted WillSave document action, a different vulnerability than CVE-2015-5586, CVE-2015-6683, CVE-2015-6684, CVE-2015-6687, CVE-2015-6688, CVE-2015-6690, CVE-2015-6691, CVE-2015-7615, CVE-2015-7617, and CVE-2015-7621." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb15-24.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb15-24.html" + }, + { + "name": "1033796", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033796" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-470", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-470" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6909.json b/2015/6xxx/CVE-2015-6909.json index 24eccce6b23..61de25e0ffe 100644 --- a/2015/6xxx/CVE-2015-6909.json +++ b/2015/6xxx/CVE-2015-6909.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6909", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the \"Create download task via file upload\" feature in Synology Download Station before 3.5-2962 allows remote attackers to inject arbitrary web script or HTML via the name element in the Info dictionary in a torrent file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-6909", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150909 Multiple Cross-Site Scripting vulnerabilities in Synology Download Station", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/536428/100/0/threaded" - }, - { - "name" : "20150909 Multiple Cross-Site Scripting vulnerabilities in Synology Download Station", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Sep/32" - }, - { - "name" : "http://packetstormsecurity.com/files/133520/Synology-Download-Station-3.5-2956-3.5-2962-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/133520/Synology-Download-Station-3.5-2956-3.5-2962-Cross-Site-Scripting.html" - }, - { - "name" : "https://www.securify.nl/advisory/SFY20150809/multiple_cross_site_scripting_vulnerabilities_in_synology_download_station.html", - "refsource" : "MISC", - "url" : "https://www.securify.nl/advisory/SFY20150809/multiple_cross_site_scripting_vulnerabilities_in_synology_download_station.html" - }, - { - "name" : "https://www.synology.com/en-global/releaseNote/DownloadStation?model=DS715", - "refsource" : "CONFIRM", - "url" : "https://www.synology.com/en-global/releaseNote/DownloadStation?model=DS715" - }, - { - "name" : "https://www.synology.com/en-global/support/security/Download_Station_3_5_2962", - "refsource" : "CONFIRM", - "url" : "https://www.synology.com/en-global/support/security/Download_Station_3_5_2962" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the \"Create download task via file upload\" feature in Synology Download Station before 3.5-2962 allows remote attackers to inject arbitrary web script or HTML via the name element in the Info dictionary in a torrent file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150909 Multiple Cross-Site Scripting vulnerabilities in Synology Download Station", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/536428/100/0/threaded" + }, + { + "name": "http://packetstormsecurity.com/files/133520/Synology-Download-Station-3.5-2956-3.5-2962-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/133520/Synology-Download-Station-3.5-2956-3.5-2962-Cross-Site-Scripting.html" + }, + { + "name": "https://www.synology.com/en-global/releaseNote/DownloadStation?model=DS715", + "refsource": "CONFIRM", + "url": "https://www.synology.com/en-global/releaseNote/DownloadStation?model=DS715" + }, + { + "name": "https://www.securify.nl/advisory/SFY20150809/multiple_cross_site_scripting_vulnerabilities_in_synology_download_station.html", + "refsource": "MISC", + "url": "https://www.securify.nl/advisory/SFY20150809/multiple_cross_site_scripting_vulnerabilities_in_synology_download_station.html" + }, + { + "name": "https://www.synology.com/en-global/support/security/Download_Station_3_5_2962", + "refsource": "CONFIRM", + "url": "https://www.synology.com/en-global/support/security/Download_Station_3_5_2962" + }, + { + "name": "20150909 Multiple Cross-Site Scripting vulnerabilities in Synology Download Station", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Sep/32" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7005.json b/2015/7xxx/CVE-2015-7005.json index 741ce41281b..aa9142a653f 100644 --- a/2015/7xxx/CVE-2015-7005.json +++ b/2015/7xxx/CVE-2015-7005.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7005", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iOS before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-7005", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT205370", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205370" - }, - { - "name" : "APPLE-SA-2015-10-21-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html" - }, - { - "name" : "1033929", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033929" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iOS before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2015-10-21-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html" + }, + { + "name": "https://support.apple.com/HT205370", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205370" + }, + { + "name": "1033929", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033929" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7149.json b/2015/7xxx/CVE-2015-7149.json index f6990f17266..ff2c7bcf7a0 100644 --- a/2015/7xxx/CVE-2015-7149.json +++ b/2015/7xxx/CVE-2015-7149.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7149", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-7149", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7851.json b/2015/7xxx/CVE-2015-7851.json index cd0ab23f5f8..78c73a834ed 100644 --- a/2015/7xxx/CVE-2015-7851.json +++ b/2015/7xxx/CVE-2015-7851.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7851", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-7851", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0073.json b/2016/0xxx/CVE-2016-0073.json index 21e1f18e8ea..29c5ac9f1ec 100644 --- a/2016/0xxx/CVE-2016-0073.json +++ b/2016/0xxx/CVE-2016-0073.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0073", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka \"Windows Kernel Local Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2016-0075." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-0073", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40574", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40574/" - }, - { - "name" : "MS16-124", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-124" - }, - { - "name" : "93355", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93355" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka \"Windows Kernel Local Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2016-0075." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40574", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40574/" + }, + { + "name": "MS16-124", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-124" + }, + { + "name": "93355", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93355" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0300.json b/2016/0xxx/CVE-2016-0300.json index 3b5021d4891..6d0b2cea52a 100644 --- a/2016/0xxx/CVE-2016-0300.json +++ b/2016/0xxx/CVE-2016-0300.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-0300", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 might allow remote attackers to access arbitrary JSP pages via vectors related to improper input validation. IBM X-Force ID: 111412." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-0300", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21979760", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21979760" - }, - { - "name" : "ibm-tririga-cve20160300-sec-bypass(111412)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/111412" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 might allow remote attackers to access arbitrary JSP pages via vectors related to improper input validation. IBM X-Force ID: 111412." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-tririga-cve20160300-sec-bypass(111412)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/111412" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21979760", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979760" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0565.json b/2016/0xxx/CVE-2016-0565.json index a7e30d35751..c7ec01b8b52 100644 --- a/2016/0xxx/CVE-2016-0565.json +++ b/2016/0xxx/CVE-2016-0565.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0565", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-0565", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" - }, - { - "name" : "1034726", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034726" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" + }, + { + "name": "1034726", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034726" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0609.json b/2016/0xxx/CVE-2016-0609.json index 0f9ef69c0da..e45af22ce26 100644 --- a/2016/0xxx/CVE-2016-0609.json +++ b/2016/0xxx/CVE-2016-0609.json @@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0609", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-0609", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" - }, - { - "name" : "https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/", - "refsource" : "CONFIRM", - "url" : "https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/" - }, - { - "name" : "https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/", - "refsource" : "CONFIRM", - "url" : "https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/" - }, - { - "name" : "https://mariadb.com/kb/en/mdb-10023-rn/", - "refsource" : "CONFIRM", - "url" : "https://mariadb.com/kb/en/mdb-10023-rn/" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" - }, - { - "name" : "DSA-3453", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3453" - }, - { - "name" : "DSA-3459", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3459" - }, - { - "name" : "RHSA-2016:0534", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0534.html" - }, - { - "name" : "RHSA-2016:0705", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0705.html" - }, - { - "name" : "RHSA-2016:1132", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1132" - }, - { - "name" : "RHSA-2016:1480", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1480.html" - }, - { - "name" : "RHSA-2016:1481", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1481.html" - }, - { - "name" : "openSUSE-SU-2016:0367", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html" - }, - { - "name" : "openSUSE-SU-2016:1686", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html" - }, - { - "name" : "SUSE-SU-2016:1619", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html" - }, - { - "name" : "SUSE-SU-2016:1620", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html" - }, - { - "name" : "openSUSE-SU-2016:1664", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html" - }, - { - "name" : "openSUSE-SU-2016:0377", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html" - }, - { - "name" : "USN-2881-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2881-1" - }, - { - "name" : "81258", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/81258" - }, - { - "name" : "1034708", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034708" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2016:1620", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html" + }, + { + "name": "RHSA-2016:1481", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1481.html" + }, + { + "name": "openSUSE-SU-2016:0367", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html" + }, + { + "name": "RHSA-2016:1132", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1132" + }, + { + "name": "DSA-3459", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3459" + }, + { + "name": "1034708", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034708" + }, + { + "name": "RHSA-2016:0534", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0534.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" + }, + { + "name": "SUSE-SU-2016:1619", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" + }, + { + "name": "RHSA-2016:1480", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1480.html" + }, + { + "name": "openSUSE-SU-2016:1664", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html" + }, + { + "name": "81258", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/81258" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "https://mariadb.com/kb/en/mdb-10023-rn/", + "refsource": "CONFIRM", + "url": "https://mariadb.com/kb/en/mdb-10023-rn/" + }, + { + "name": "USN-2881-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2881-1" + }, + { + "name": "openSUSE-SU-2016:0377", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html" + }, + { + "name": "DSA-3453", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3453" + }, + { + "name": "https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/", + "refsource": "CONFIRM", + "url": "https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/" + }, + { + "name": "openSUSE-SU-2016:1686", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html" + }, + { + "name": "https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/", + "refsource": "CONFIRM", + "url": "https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/" + }, + { + "name": "RHSA-2016:0705", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0705.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0844.json b/2016/0xxx/CVE-2016-0844.json index 04c786fa948..79e08ff070f 100644 --- a/2016/0xxx/CVE-2016-0844.json +++ b/2016/0xxx/CVE-2016-0844.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0844", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Qualcomm RF driver in Android 6.x before 2016-04-01 does not properly restrict access to socket ioctl calls, which allows attackers to gain privileges via a crafted application, aka internal bug 26324307." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-0844", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-04-02.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-04-02.html" - }, - { - "name" : "https://android.googlesource.com/platform/external/sepolicy/+/57531cacb40682be4b1189c721fd1e7f25bf3786", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/external/sepolicy/+/57531cacb40682be4b1189c721fd1e7f25bf3786" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Qualcomm RF driver in Android 6.x before 2016-04-01 does not properly restrict access to socket ioctl calls, which allows attackers to gain privileges via a crafted application, aka internal bug 26324307." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://android.googlesource.com/platform/external/sepolicy/+/57531cacb40682be4b1189c721fd1e7f25bf3786", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/external/sepolicy/+/57531cacb40682be4b1189c721fd1e7f25bf3786" + }, + { + "name": "http://source.android.com/security/bulletin/2016-04-02.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-04-02.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10116.json b/2016/10xxx/CVE-2016-10116.json index 099102a77b3..509b93f141e 100644 --- a/2016/10xxx/CVE-2016-10116.json +++ b/2016/10xxx/CVE-2016-10116.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10116", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier use a pattern of adjective, noun, and three-digit number for the customized password, which makes it easier for remote attackers to obtain access via a dictionary attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10116", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.newskysecurity.com/2016/09/brute-force-vulnerability-netgear-arlo/", - "refsource" : "MISC", - "url" : "http://blog.newskysecurity.com/2016/09/brute-force-vulnerability-netgear-arlo/" - }, - { - "name" : "http://kb.netgear.com/30731/Arlo-WiFi-Default-Password-Security-Vulnerability", - "refsource" : "MISC", - "url" : "http://kb.netgear.com/30731/Arlo-WiFi-Default-Password-Security-Vulnerability" - }, - { - "name" : "95266", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95266" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier use a pattern of adjective, noun, and three-digit number for the customized password, which makes it easier for remote attackers to obtain access via a dictionary attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://kb.netgear.com/30731/Arlo-WiFi-Default-Password-Security-Vulnerability", + "refsource": "MISC", + "url": "http://kb.netgear.com/30731/Arlo-WiFi-Default-Password-Security-Vulnerability" + }, + { + "name": "95266", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95266" + }, + { + "name": "http://blog.newskysecurity.com/2016/09/brute-force-vulnerability-netgear-arlo/", + "refsource": "MISC", + "url": "http://blog.newskysecurity.com/2016/09/brute-force-vulnerability-netgear-arlo/" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1578.json b/2016/1xxx/CVE-2016-1578.json index b2386ad7777..fdb28259dc8 100644 --- a/2016/1xxx/CVE-2016-1578.json +++ b/2016/1xxx/CVE-2016-1578.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1578", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Oxide allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to responding synchronously to permission requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "ID": "CVE-2016-1578", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "USN-2955-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2955-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Oxide allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to responding synchronously to permission requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2955-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2955-1" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1682.json b/2016/1xxx/CVE-2016-1682.json index dca1c812822..5930dfb0d29 100644 --- a/2016/1xxx/CVE-2016-1682.json +++ b/2016/1xxx/CVE-2016-1682.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1682", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ServiceWorkerContainer::registerServiceWorkerImpl function in WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp in Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a ServiceWorker registration." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2016-1682", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html" - }, - { - "name" : "https://codereview.chromium.org/1861253004", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/1861253004" - }, - { - "name" : "https://crbug.com/579801", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/579801" - }, - { - "name" : "DSA-3590", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3590" - }, - { - "name" : "GLSA-201607-07", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201607-07" - }, - { - "name" : "RHSA-2016:1190", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1190" - }, - { - "name" : "openSUSE-SU-2016:1430", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html" - }, - { - "name" : "openSUSE-SU-2016:1433", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html" - }, - { - "name" : "openSUSE-SU-2016:1496", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html" - }, - { - "name" : "USN-2992-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2992-1" - }, - { - "name" : "90876", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/90876" - }, - { - "name" : "1035981", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035981" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ServiceWorkerContainer::registerServiceWorkerImpl function in WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp in Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a ServiceWorker registration." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://crbug.com/579801", + "refsource": "CONFIRM", + "url": "https://crbug.com/579801" + }, + { + "name": "90876", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/90876" + }, + { + "name": "openSUSE-SU-2016:1496", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html" + }, + { + "name": "1035981", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035981" + }, + { + "name": "DSA-3590", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3590" + }, + { + "name": "http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html" + }, + { + "name": "USN-2992-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2992-1" + }, + { + "name": "openSUSE-SU-2016:1430", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html" + }, + { + "name": "RHSA-2016:1190", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1190" + }, + { + "name": "https://codereview.chromium.org/1861253004", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/1861253004" + }, + { + "name": "GLSA-201607-07", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201607-07" + }, + { + "name": "openSUSE-SU-2016:1433", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4111.json b/2016/4xxx/CVE-2016-4111.json index f39eea66154..571df706a83 100644 --- a/2016/4xxx/CVE-2016-4111.json +++ b/2016/4xxx/CVE-2016-4111.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4111", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-4111", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-15.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-15.html" - }, - { - "name" : "MS16-064", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-064" - }, - { - "name" : "RHSA-2016:1079", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1079.html" - }, - { - "name" : "SUSE-SU-2016:1305", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html" - }, - { - "name" : "90618", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/90618" - }, - { - "name" : "1035827", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035827" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2016:1305", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html" + }, + { + "name": "90618", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/90618" + }, + { + "name": "1035827", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035827" + }, + { + "name": "MS16-064", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-064" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-15.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-15.html" + }, + { + "name": "RHSA-2016:1079", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1079.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4253.json b/2016/4xxx/CVE-2016-4253.json index f0a215fb655..e82794876c5 100644 --- a/2016/4xxx/CVE-2016-4253.json +++ b/2016/4xxx/CVE-2016-4253.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4253", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Backup functionality in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2 allows attackers to obtain sensitive information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-4253", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/experience-manager/apsb16-27.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/experience-manager/apsb16-27.html" - }, - { - "name" : "92380", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92380" - }, - { - "name" : "1036563", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036563" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Backup functionality in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2 allows attackers to obtain sensitive information via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036563", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036563" + }, + { + "name": "92380", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92380" + }, + { + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb16-27.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb16-27.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4643.json b/2016/4xxx/CVE-2016-4643.json index 97358827a15..bb694092162 100644 --- a/2016/4xxx/CVE-2016-4643.json +++ b/2016/4xxx/CVE-2016-4643.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2016-4643", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a validation issue existed in the parsing of 407 responses. This issue was addressed through improved response validation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-4643", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT206902", - "refsource" : "MISC", - "url" : "https://support.apple.com/HT206902" - }, - { - "name" : "https://support.apple.com/HT206903", - "refsource" : "MISC", - "url" : "https://support.apple.com/HT206903" - }, - { - "name" : "https://support.apple.com/HT206905", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT206905" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a validation issue existed in the parsing of 407 responses. This issue was addressed through improved response validation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT206902", + "refsource": "MISC", + "url": "https://support.apple.com/HT206902" + }, + { + "name": "https://support.apple.com/HT206903", + "refsource": "MISC", + "url": "https://support.apple.com/HT206903" + }, + { + "name": "https://support.apple.com/HT206905", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT206905" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4827.json b/2016/4xxx/CVE-2016-4827.json index c8e3b229f24..95b313c1170 100644 --- a/2016/4xxx/CVE-2016-4827.json +++ b/2016/4xxx/CVE-2016-4827.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4827", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4826." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2016-4827", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.welcart.com/community/archives/78977", - "refsource" : "CONFIRM", - "url" : "http://www.welcart.com/community/archives/78977" - }, - { - "name" : "JVN#55826471", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN55826471/index.html" - }, - { - "name" : "JVNDB-2016-000117", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000117" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4826." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2016-000117", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000117" + }, + { + "name": "http://www.welcart.com/community/archives/78977", + "refsource": "CONFIRM", + "url": "http://www.welcart.com/community/archives/78977" + }, + { + "name": "JVN#55826471", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN55826471/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4949.json b/2016/4xxx/CVE-2016-4949.json index 262461a315d..3bccc01a121 100644 --- a/2016/4xxx/CVE-2016-4949.json +++ b/2016/4xxx/CVE-2016-4949.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4949", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cloudera Manager 5.5 and earlier allows remote attackers to obtain sensitive information via a (1) stderr.log or (2) stdout.log value in the filename parameter to /cmf/process//logs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-4949", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://2016.hack.lu/archive/2016/Wavestone%20-%20Hack.lu%202016%20-%20Hadoop%20safari%20-%20Hunting%20for%20vulnerabilities%20-%20v1.0.pdf", - "refsource" : "MISC", - "url" : "http://2016.hack.lu/archive/2016/Wavestone%20-%20Hack.lu%202016%20-%20Hadoop%20safari%20-%20Hunting%20for%20vulnerabilities%20-%20v1.0.pdf" - }, - { - "name" : "93882", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93882" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cloudera Manager 5.5 and earlier allows remote attackers to obtain sensitive information via a (1) stderr.log or (2) stdout.log value in the filename parameter to /cmf/process//logs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93882", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93882" + }, + { + "name": "http://2016.hack.lu/archive/2016/Wavestone%20-%20Hack.lu%202016%20-%20Hadoop%20safari%20-%20Hunting%20for%20vulnerabilities%20-%20v1.0.pdf", + "refsource": "MISC", + "url": "http://2016.hack.lu/archive/2016/Wavestone%20-%20Hack.lu%202016%20-%20Hadoop%20safari%20-%20Hunting%20for%20vulnerabilities%20-%20v1.0.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4980.json b/2016/4xxx/CVE-2016-4980.json index f398337d2de..9d3f7dee42c 100644 --- a/2016/4xxx/CVE-2016-4980.json +++ b/2016/4xxx/CVE-2016-4980.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4980", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-4980", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9423.json b/2016/9xxx/CVE-2016-9423.json index 64e0c6949f4..5d4f97ea18c 100644 --- a/2016/9xxx/CVE-2016-9423.json +++ b/2016/9xxx/CVE-2016-9423.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9423", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9423", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161118 Re: CVE request: w3m - multiple vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/11/18/3" - }, - { - "name" : "https://github.com/tats/w3m/blob/master/ChangeLog", - "refsource" : "CONFIRM", - "url" : "https://github.com/tats/w3m/blob/master/ChangeLog" - }, - { - "name" : "https://github.com/tats/w3m/issues/9", - "refsource" : "CONFIRM", - "url" : "https://github.com/tats/w3m/issues/9" - }, - { - "name" : "GLSA-201701-08", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-08" - }, - { - "name" : "94407", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94407" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201701-08", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-08" + }, + { + "name": "https://github.com/tats/w3m/issues/9", + "refsource": "CONFIRM", + "url": "https://github.com/tats/w3m/issues/9" + }, + { + "name": "https://github.com/tats/w3m/blob/master/ChangeLog", + "refsource": "CONFIRM", + "url": "https://github.com/tats/w3m/blob/master/ChangeLog" + }, + { + "name": "94407", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94407" + }, + { + "name": "[oss-security] 20161118 Re: CVE request: w3m - multiple vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/11/18/3" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2972.json b/2019/2xxx/CVE-2019-2972.json index cdde2679a80..15780324bb7 100644 --- a/2019/2xxx/CVE-2019-2972.json +++ b/2019/2xxx/CVE-2019-2972.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2972", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2972", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3110.json b/2019/3xxx/CVE-2019-3110.json index 656a499920e..e264bc1f1fc 100644 --- a/2019/3xxx/CVE-2019-3110.json +++ b/2019/3xxx/CVE-2019-3110.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3110", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3110", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3289.json b/2019/3xxx/CVE-2019-3289.json index 3e960b7fd06..7474aba037a 100644 --- a/2019/3xxx/CVE-2019-3289.json +++ b/2019/3xxx/CVE-2019-3289.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3289", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3289", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3329.json b/2019/3xxx/CVE-2019-3329.json index 593282ec3a2..291ec0383b5 100644 --- a/2019/3xxx/CVE-2019-3329.json +++ b/2019/3xxx/CVE-2019-3329.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3329", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3329", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3360.json b/2019/3xxx/CVE-2019-3360.json index a1b75fd51f4..f519ef29bff 100644 --- a/2019/3xxx/CVE-2019-3360.json +++ b/2019/3xxx/CVE-2019-3360.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3360", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3360", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4407.json b/2019/4xxx/CVE-2019-4407.json index 51a0c8077c4..13b05986f9e 100644 --- a/2019/4xxx/CVE-2019-4407.json +++ b/2019/4xxx/CVE-2019-4407.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4407", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4407", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6235.json b/2019/6xxx/CVE-2019-6235.json index 475657e69a6..5c72d3f7ec2 100644 --- a/2019/6xxx/CVE-2019-6235.json +++ b/2019/6xxx/CVE-2019-6235.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2019-6235", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "iOS", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "iOS 12.1.3" - } - ] - } - }, - { - "product_name" : "macOS", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "macOS Mojave 10.14.3" - } - ] - } - }, - { - "product_name" : "tvOS", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "tvOS 12.1.2" - } - ] - } - }, - { - "product_name" : "watchOS", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "watchOS 5.1.3" - } - ] - } - }, - { - "product_name" : "iTunes for Windows", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "iTunes 12.9.3 for Windows" - } - ] - } - } - ] - }, - "vendor_name" : "Apple" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3, iTunes 12.9.3 for Windows. A sandboxed process may be able to circumvent sandbox restrictions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "A sandboxed process may be able to circumvent sandbox restrictions" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2019-6235", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 12.1.3" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Mojave 10.14.3" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "tvOS 12.1.2" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "watchOS 5.1.3" + } + ] + } + }, + { + "product_name": "iTunes for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iTunes 12.9.3 for Windows" + } + ] + } + } + ] + }, + "vendor_name": "Apple" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT209443", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT209443" - }, - { - "name" : "https://support.apple.com/HT209446", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT209446" - }, - { - "name" : "https://support.apple.com/HT209447", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT209447" - }, - { - "name" : "https://support.apple.com/HT209448", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT209448" - }, - { - "name" : "https://support.apple.com/HT209450", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT209450" - }, - { - "name" : "106724", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106724" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3, iTunes 12.9.3 for Windows. A sandboxed process may be able to circumvent sandbox restrictions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A sandboxed process may be able to circumvent sandbox restrictions" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106724", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106724" + }, + { + "name": "https://support.apple.com/HT209446", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT209446" + }, + { + "name": "https://support.apple.com/HT209443", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT209443" + }, + { + "name": "https://support.apple.com/HT209450", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT209450" + }, + { + "name": "https://support.apple.com/HT209448", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT209448" + }, + { + "name": "https://support.apple.com/HT209447", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT209447" + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6401.json b/2019/6xxx/CVE-2019-6401.json index 867fed504e5..cd8e22820af 100644 --- a/2019/6xxx/CVE-2019-6401.json +++ b/2019/6xxx/CVE-2019-6401.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6401", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6401", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6734.json b/2019/6xxx/CVE-2019-6734.json index 6ced4b3b73d..73313d31251 100644 --- a/2019/6xxx/CVE-2019-6734.json +++ b/2019/6xxx/CVE-2019-6734.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6734", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6734", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6750.json b/2019/6xxx/CVE-2019-6750.json index a94c07c0d44..c179467cb14 100644 --- a/2019/6xxx/CVE-2019-6750.json +++ b/2019/6xxx/CVE-2019-6750.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6750", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6750", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6824.json b/2019/6xxx/CVE-2019-6824.json index 59ed12e4bcd..07682370019 100644 --- a/2019/6xxx/CVE-2019-6824.json +++ b/2019/6xxx/CVE-2019-6824.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6824", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6824", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7122.json b/2019/7xxx/CVE-2019-7122.json index 03d8f46f6b1..64734b52816 100644 --- a/2019/7xxx/CVE-2019-7122.json +++ b/2019/7xxx/CVE-2019-7122.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7122", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7122", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7678.json b/2019/7xxx/CVE-2019-7678.json index 5616dc15612..1b1980dfbfe 100644 --- a/2019/7xxx/CVE-2019-7678.json +++ b/2019/7xxx/CVE-2019-7678.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7678", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A directory traversal vulnerability was discovered in Enphase Envoy R3.*.* via images/, include/, include/js, or include/css on TCP port 8888." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7678", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/pudding2/enphase-energy/blob/master/directory_traversal_1.png", - "refsource" : "MISC", - "url" : "https://github.com/pudding2/enphase-energy/blob/master/directory_traversal_1.png" - }, - { - "name" : "https://github.com/pudding2/enphase-energy/blob/master/directory_traversal_exp.txt", - "refsource" : "MISC", - "url" : "https://github.com/pudding2/enphase-energy/blob/master/directory_traversal_exp.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A directory traversal vulnerability was discovered in Enphase Envoy R3.*.* via images/, include/, include/js, or include/css on TCP port 8888." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/pudding2/enphase-energy/blob/master/directory_traversal_1.png", + "refsource": "MISC", + "url": "https://github.com/pudding2/enphase-energy/blob/master/directory_traversal_1.png" + }, + { + "name": "https://github.com/pudding2/enphase-energy/blob/master/directory_traversal_exp.txt", + "refsource": "MISC", + "url": "https://github.com/pudding2/enphase-energy/blob/master/directory_traversal_exp.txt" + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7740.json b/2019/7xxx/CVE-2019-7740.json index d9dad5c3bb1..4ee046fdd20 100644 --- a/2019/7xxx/CVE-2019-7740.json +++ b/2019/7xxx/CVE-2019-7740.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7740", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Joomla! before 3.9.3. Inadequate parameter handling in JavaScript code (core.js writeDynaList) could lead to an XSS attack vector." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7740", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://developer.joomla.org/security-centre/769-20190205-core-xss-issue-in-core-js-writedynalist", - "refsource" : "MISC", - "url" : "https://developer.joomla.org/security-centre/769-20190205-core-xss-issue-in-core-js-writedynalist" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Joomla! before 3.9.3. Inadequate parameter handling in JavaScript code (core.js writeDynaList) could lead to an XSS attack vector." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://developer.joomla.org/security-centre/769-20190205-core-xss-issue-in-core-js-writedynalist", + "refsource": "MISC", + "url": "https://developer.joomla.org/security-centre/769-20190205-core-xss-issue-in-core-js-writedynalist" + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7884.json b/2019/7xxx/CVE-2019-7884.json index 41d78b5097a..6d120d66cd5 100644 --- a/2019/7xxx/CVE-2019-7884.json +++ b/2019/7xxx/CVE-2019-7884.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7884", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7884", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8718.json b/2019/8xxx/CVE-2019-8718.json index d79509f5fe9..97a44d87015 100644 --- a/2019/8xxx/CVE-2019-8718.json +++ b/2019/8xxx/CVE-2019-8718.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8718", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8718", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8726.json b/2019/8xxx/CVE-2019-8726.json index 9b775a22023..c9ae61c6692 100644 --- a/2019/8xxx/CVE-2019-8726.json +++ b/2019/8xxx/CVE-2019-8726.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8726", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8726", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8940.json b/2019/8xxx/CVE-2019-8940.json index fdf9ec93d63..b77937859c8 100644 --- a/2019/8xxx/CVE-2019-8940.json +++ b/2019/8xxx/CVE-2019-8940.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8940", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8940", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9291.json b/2019/9xxx/CVE-2019-9291.json index cfd91bff18c..56eb221f8b4 100644 --- a/2019/9xxx/CVE-2019-9291.json +++ b/2019/9xxx/CVE-2019-9291.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9291", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9291", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9561.json b/2019/9xxx/CVE-2019-9561.json index 5c47752c819..8923845ce65 100644 --- a/2019/9xxx/CVE-2019-9561.json +++ b/2019/9xxx/CVE-2019-9561.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9561", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9561", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9600.json b/2019/9xxx/CVE-2019-9600.json index 52a3f8b7974..2a84016dce2 100644 --- a/2019/9xxx/CVE-2019-9600.json +++ b/2019/9xxx/CVE-2019-9600.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9600", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Olive Tree FTP Server (aka com.theolivetree.ftpserver) application through 1.32 for Android allows remote attackers to cause a denial of service via a client that makes many connection attempts and drops certain packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9600", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "46464", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/46464" - }, - { - "name" : "https://www.youtube.com/watch?v=C8Nz3YmVc_g", - "refsource" : "MISC", - "url" : "https://www.youtube.com/watch?v=C8Nz3YmVc_g" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Olive Tree FTP Server (aka com.theolivetree.ftpserver) application through 1.32 for Android allows remote attackers to cause a denial of service via a client that makes many connection attempts and drops certain packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.youtube.com/watch?v=C8Nz3YmVc_g", + "refsource": "MISC", + "url": "https://www.youtube.com/watch?v=C8Nz3YmVc_g" + }, + { + "name": "46464", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/46464" + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9681.json b/2019/9xxx/CVE-2019-9681.json index ce6072d136e..568a66483ff 100644 --- a/2019/9xxx/CVE-2019-9681.json +++ b/2019/9xxx/CVE-2019-9681.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9681", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9681", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file