diff --git a/2007/0xxx/CVE-2007-0321.json b/2007/0xxx/CVE-2007-0321.json index 38f7fd2ef36..d1976abb922 100644 --- a/2007/0xxx/CVE-2007-0321.json +++ b/2007/0xxx/CVE-2007-0321.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0321", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the Update Service Agent ActiveX Control in isusweb.dll for Macrovision FLEXnet Connect (formerly InstallShield Update Service) allows remote attackers to execute arbitrary code via the Download method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2007-0321", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kb.cert.org/vuls/id/MAPG-6UERNR", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/MAPG-6UERNR" - }, - { - "name" : "http://support.installshield.com/kb/view.asp?articleid=Q113020", - "refsource" : "CONFIRM", - "url" : "http://support.installshield.com/kb/view.asp?articleid=Q113020" - }, - { - "name" : "VU#847993", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/847993" - }, - { - "name" : "ADV-2007-0706", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0706" - }, - { - "name" : "33532", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/33532" - }, - { - "name" : "24270", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24270" - }, - { - "name" : "macrovision-updateservice-activex-bo(32678)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32678" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the Update Service Agent ActiveX Control in isusweb.dll for Macrovision FLEXnet Connect (formerly InstallShield Update Service) allows remote attackers to execute arbitrary code via the Download method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.kb.cert.org/vuls/id/MAPG-6UERNR", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/MAPG-6UERNR" + }, + { + "name": "http://support.installshield.com/kb/view.asp?articleid=Q113020", + "refsource": "CONFIRM", + "url": "http://support.installshield.com/kb/view.asp?articleid=Q113020" + }, + { + "name": "macrovision-updateservice-activex-bo(32678)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32678" + }, + { + "name": "33532", + "refsource": "OSVDB", + "url": "http://osvdb.org/33532" + }, + { + "name": "24270", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24270" + }, + { + "name": "VU#847993", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/847993" + }, + { + "name": "ADV-2007-0706", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0706" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2723.json b/2007/2xxx/CVE-2007-2723.json index c188daeb536..d209f619926 100644 --- a/2007/2xxx/CVE-2007-2723.json +++ b/2007/2xxx/CVE-2007-2723.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2723", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Media Player Classic 6.4.9.0 allows user-assisted remote attackers to cause a denial of service (web browser crash) via an \"empty\" .MPA file, which triggers a divide-by-zero error." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2723", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070514 Media Player Classic .MPA Div-By-Zero Denial of Service Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/468626/100/0/threaded" - }, - { - "name" : "20070516 Re: Media Player Classic .MPA Div-By-Zero Denial of Service Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/468758/100/0/threaded" - }, - { - "name" : "23991", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23991" - }, - { - "name" : "37376", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37376" - }, - { - "name" : "mpc-mpa-dos(34299)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34299" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Media Player Classic 6.4.9.0 allows user-assisted remote attackers to cause a denial of service (web browser crash) via an \"empty\" .MPA file, which triggers a divide-by-zero error." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23991", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23991" + }, + { + "name": "20070514 Media Player Classic .MPA Div-By-Zero Denial of Service Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/468626/100/0/threaded" + }, + { + "name": "mpc-mpa-dos(34299)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34299" + }, + { + "name": "20070516 Re: Media Player Classic .MPA Div-By-Zero Denial of Service Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/468758/100/0/threaded" + }, + { + "name": "37376", + "refsource": "OSVDB", + "url": "http://osvdb.org/37376" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2972.json b/2007/2xxx/CVE-2007-2972.json index 794f3f137ad..7f3e71808f6 100644 --- a/2007/2xxx/CVE-2007-2972.json +++ b/2007/2xxx/CVE-2007-2972.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2972", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The file parsing engine in Avira Antivir Antivirus before 7.04.00.24 allows remote attackers to cause a denial of service (application crash) via a crafted UPX compressed file, which triggers a divide-by-zero error." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2972", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070529 n.runs-SA-2007.011 - Avira Antivir Antivirus UPX parsing Divide by Zero Advisory", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/469880/100/0/threaded" - }, - { - "name" : "20070529 n.runs-SA-2007.011 - Avira Antivir Antivirus UPX", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=118040810718045&w=2" - }, - { - "name" : "http://www.nruns.com/advisories/%5Bn.runs-SA-2007.011%5D%20-%20Avira%20Antivir%20Antivirus%20UPX%20parsing%20Divide%20by%20Zero%20Advisory.txt", - "refsource" : "MISC", - "url" : "http://www.nruns.com/advisories/%5Bn.runs-SA-2007.011%5D%20-%20Avira%20Antivir%20Antivirus%20UPX%20parsing%20Divide%20by%20Zero%20Advisory.txt" - }, - { - "name" : "http://forum.antivir-pe.de/thread.php?threadid=22528", - "refsource" : "CONFIRM", - "url" : "http://forum.antivir-pe.de/thread.php?threadid=22528" - }, - { - "name" : "24187", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24187" - }, - { - "name" : "36710", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36710" - }, - { - "name" : "ADV-2007-1971", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1971" - }, - { - "name" : "1018132", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018132" - }, - { - "name" : "25417", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25417" - }, - { - "name" : "avira-antivir-upx-dos(34556)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34556" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The file parsing engine in Avira Antivir Antivirus before 7.04.00.24 allows remote attackers to cause a denial of service (application crash) via a crafted UPX compressed file, which triggers a divide-by-zero error." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "avira-antivir-upx-dos(34556)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34556" + }, + { + "name": "24187", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24187" + }, + { + "name": "http://forum.antivir-pe.de/thread.php?threadid=22528", + "refsource": "CONFIRM", + "url": "http://forum.antivir-pe.de/thread.php?threadid=22528" + }, + { + "name": "http://www.nruns.com/advisories/%5Bn.runs-SA-2007.011%5D%20-%20Avira%20Antivir%20Antivirus%20UPX%20parsing%20Divide%20by%20Zero%20Advisory.txt", + "refsource": "MISC", + "url": "http://www.nruns.com/advisories/%5Bn.runs-SA-2007.011%5D%20-%20Avira%20Antivir%20Antivirus%20UPX%20parsing%20Divide%20by%20Zero%20Advisory.txt" + }, + { + "name": "ADV-2007-1971", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1971" + }, + { + "name": "36710", + "refsource": "OSVDB", + "url": "http://osvdb.org/36710" + }, + { + "name": "25417", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25417" + }, + { + "name": "20070529 n.runs-SA-2007.011 - Avira Antivir Antivirus UPX parsing Divide by Zero Advisory", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/469880/100/0/threaded" + }, + { + "name": "20070529 n.runs-SA-2007.011 - Avira Antivir Antivirus UPX", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=118040810718045&w=2" + }, + { + "name": "1018132", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018132" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3301.json b/2007/3xxx/CVE-2007-3301.json index bde8b971402..8c613126be1 100644 --- a/2007/3xxx/CVE-2007-3301.json +++ b/2007/3xxx/CVE-2007-3301.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3301", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in forum/include/error/autherror.cfm in FuseTalk allows remote attackers to execute arbitrary SQL commands via the errorcode parameter. NOTE: a patch may have been released privately between April and June 2007. NOTE: this issue may overlap CVE-2007-3273." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3301", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070619 fusetalk SQL (autherror.cfm)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/471726/100/0/threaded" - }, - { - "name" : "24528", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24528" - }, - { - "name" : "38475", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38475" - }, - { - "name" : "25707", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25707" - }, - { - "name" : "fusetalk-autherror-sql-injection(34939)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34939" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in forum/include/error/autherror.cfm in FuseTalk allows remote attackers to execute arbitrary SQL commands via the errorcode parameter. NOTE: a patch may have been released privately between April and June 2007. NOTE: this issue may overlap CVE-2007-3273." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24528", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24528" + }, + { + "name": "20070619 fusetalk SQL (autherror.cfm)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/471726/100/0/threaded" + }, + { + "name": "25707", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25707" + }, + { + "name": "fusetalk-autherror-sql-injection(34939)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34939" + }, + { + "name": "38475", + "refsource": "OSVDB", + "url": "http://osvdb.org/38475" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3845.json b/2007/3xxx/CVE-2007-3845.json index 382d8a2b05a..917bc771d7c 100644 --- a/2007/3xxx/CVE-2007-3845.json +++ b/2007/3xxx/CVE-2007-3845.json @@ -1,237 +1,237 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3845", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching \"a file handling program based on the file extension at the end of the URI,\" a variant of CVE-2007-4041. NOTE: the vendor states that \"it is still possible to launch a filetype handler based on extension rather than the registered protocol handler.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2007-3845", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070801 FLEA-2007-0039-1 firefox", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/475265/100/200/threaded" - }, - { - "name" : "20070803 FLEA-2007-0040-1 thunderbird", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/475450/30/5550/threaded" - }, - { - "name" : "http://bugzilla.mozilla.org/show_bug.cgi?id=389580", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.mozilla.org/show_bug.cgi?id=389580" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=389106", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=389106" - }, - { - "name" : "http://www.mozilla.org/security/announce/2007/mfsa2007-27.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2007/mfsa2007-27.html" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-1600", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-1600" - }, - { - "name" : "DSA-1344", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1344" - }, - { - "name" : "DSA-1345", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1345" - }, - { - "name" : "DSA-1346", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1346" - }, - { - "name" : "DSA-1391", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1391" - }, - { - "name" : "HPSBUX02153", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" - }, - { - "name" : "HPSBUX02156", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579" - }, - { - "name" : "SSRT061181", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" - }, - { - "name" : "SSRT061236", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579" - }, - { - "name" : "MDKSA-2007:152", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:152" - }, - { - "name" : "MDVSA-2007:047", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2007:047" - }, - { - "name" : "MDVSA-2008:047", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:047" - }, - { - "name" : "SSA:2007-213-01", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.010101" - }, - { - "name" : "103177", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1" - }, - { - "name" : "201516", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1" - }, - { - "name" : "USN-493-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-493-1" - }, - { - "name" : "USN-503-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-503-1" - }, - { - "name" : "25053", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25053" - }, - { - "name" : "ADV-2008-0082", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0082" - }, - { - "name" : "ADV-2007-4256", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/4256" - }, - { - "name" : "26234", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26234" - }, - { - "name" : "26258", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26258" - }, - { - "name" : "26309", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26309" - }, - { - "name" : "26331", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26331" - }, - { - "name" : "26335", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26335" - }, - { - "name" : "26303", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26303" - }, - { - "name" : "26393", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26393" - }, - { - "name" : "26572", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26572" - }, - { - "name" : "27326", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27326" - }, - { - "name" : "27414", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27414" - }, - { - "name" : "28135", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28135" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching \"a file handling program based on the file extension at the end of the URI,\" a variant of CVE-2007-4041. NOTE: the vendor states that \"it is still possible to launch a filetype handler based on extension rather than the registered protocol handler.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mozilla.org/security/announce/2007/mfsa2007-27.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-27.html" + }, + { + "name": "https://issues.rpath.com/browse/RPL-1600", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-1600" + }, + { + "name": "USN-503-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-503-1" + }, + { + "name": "MDVSA-2008:047", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:047" + }, + { + "name": "27414", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27414" + }, + { + "name": "HPSBUX02156", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579" + }, + { + "name": "26393", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26393" + }, + { + "name": "26303", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26303" + }, + { + "name": "ADV-2007-4256", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/4256" + }, + { + "name": "25053", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25053" + }, + { + "name": "26309", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26309" + }, + { + "name": "HPSBUX02153", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" + }, + { + "name": "MDKSA-2007:152", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:152" + }, + { + "name": "DSA-1345", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1345" + }, + { + "name": "DSA-1391", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1391" + }, + { + "name": "http://bugzilla.mozilla.org/show_bug.cgi?id=389580", + "refsource": "CONFIRM", + "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=389580" + }, + { + "name": "DSA-1346", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1346" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=389106", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=389106" + }, + { + "name": "MDVSA-2007:047", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2007:047" + }, + { + "name": "28135", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28135" + }, + { + "name": "SSRT061236", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579" + }, + { + "name": "ADV-2008-0082", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0082" + }, + { + "name": "103177", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1" + }, + { + "name": "USN-493-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-493-1" + }, + { + "name": "26234", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26234" + }, + { + "name": "SSRT061181", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" + }, + { + "name": "DSA-1344", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1344" + }, + { + "name": "26258", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26258" + }, + { + "name": "27326", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27326" + }, + { + "name": "26331", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26331" + }, + { + "name": "20070801 FLEA-2007-0039-1 firefox", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/475265/100/200/threaded" + }, + { + "name": "201516", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1" + }, + { + "name": "20070803 FLEA-2007-0040-1 thunderbird", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/475450/30/5550/threaded" + }, + { + "name": "26335", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26335" + }, + { + "name": "26572", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26572" + }, + { + "name": "SSA:2007-213-01", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.010101" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4269.json b/2007/4xxx/CVE-2007-4269.json index c2b98662b28..c3d1b4596ee 100644 --- a/2007/4xxx/CVE-2007-4269.json +++ b/2007/4xxx/CVE-2007-4269.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4269", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk Session Protocol (ASP) message on an AppleTalk socket, which triggers a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4269", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071114 Apple Mac OS X AppleTalk ASP Message Kernel Heap Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=629" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=307041", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=307041" - }, - { - "name" : "APPLE-SA-2007-11-14", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html" - }, - { - "name" : "TA07-319A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-319A.html" - }, - { - "name" : "26444", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26444" - }, - { - "name" : "ADV-2007-3868", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3868" - }, - { - "name" : "1018950", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1018950" - }, - { - "name" : "27643", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27643" - }, - { - "name" : "macosx-networking-appletalk-bo(38473)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38473" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk Session Protocol (ASP) message on an AppleTalk socket, which triggers a heap-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1018950", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1018950" + }, + { + "name": "26444", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26444" + }, + { + "name": "APPLE-SA-2007-11-14", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=307041", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=307041" + }, + { + "name": "ADV-2007-3868", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3868" + }, + { + "name": "macosx-networking-appletalk-bo(38473)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38473" + }, + { + "name": "27643", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27643" + }, + { + "name": "TA07-319A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-319A.html" + }, + { + "name": "20071114 Apple Mac OS X AppleTalk ASP Message Kernel Heap Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=629" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4466.json b/2007/4xxx/CVE-2007-4466.json index b6a5aaaf2fa..ace45d24490 100644 --- a/2007/4xxx/CVE-2007-4466.json +++ b/2007/4xxx/CVE-2007-4466.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4466", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in Electronic Arts (EA) SnoopyCtrl ActiveX control (NPSnpy.dll) allow remote attackers to execute arbitrary code via unspecified methods and parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2007-4466", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#179281", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/179281" - }, - { - "name" : "25970", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25970" - }, - { - "name" : "ADV-2007-3415", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3415" - }, - { - "name" : "37723", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37723" - }, - { - "name" : "27143", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27143" - }, - { - "name" : "electronicarts-snoopyctrl-bo(37020)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/37020" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in Electronic Arts (EA) SnoopyCtrl ActiveX control (NPSnpy.dll) allow remote attackers to execute arbitrary code via unspecified methods and parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-3415", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3415" + }, + { + "name": "25970", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25970" + }, + { + "name": "27143", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27143" + }, + { + "name": "37723", + "refsource": "OSVDB", + "url": "http://osvdb.org/37723" + }, + { + "name": "VU#179281", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/179281" + }, + { + "name": "electronicarts-snoopyctrl-bo(37020)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37020" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4777.json b/2007/4xxx/CVE-2007-4777.json index 71c69d2ab93..e4913fc350e 100644 --- a/2007/4xxx/CVE-2007-4777.json +++ b/2007/4xxx/CVE-2007-4777.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4777", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to the archive section. NOTE: this may be the same as CVE-2007-4778." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4777", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070903 Multiple vulnerabilities in Joomla 1.5 RC 1", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/478451/100/0/threaded" - }, - { - "name" : "http://www.joomla.org/content/view/3831/1/", - "refsource" : "CONFIRM", - "url" : "http://www.joomla.org/content/view/3831/1/" - }, - { - "name" : "25508", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25508" - }, - { - "name" : "39070", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39070" - }, - { - "name" : "39071", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39071" - }, - { - "name" : "39072", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39072" - }, - { - "name" : "3108", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3108" - }, - { - "name" : "joomla-filter-sql-injection(36423)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36423" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to the archive section. NOTE: this may be the same as CVE-2007-4778." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "joomla-filter-sql-injection(36423)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36423" + }, + { + "name": "http://www.joomla.org/content/view/3831/1/", + "refsource": "CONFIRM", + "url": "http://www.joomla.org/content/view/3831/1/" + }, + { + "name": "25508", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25508" + }, + { + "name": "3108", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3108" + }, + { + "name": "20070903 Multiple vulnerabilities in Joomla 1.5 RC 1", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/478451/100/0/threaded" + }, + { + "name": "39072", + "refsource": "OSVDB", + "url": "http://osvdb.org/39072" + }, + { + "name": "39071", + "refsource": "OSVDB", + "url": "http://osvdb.org/39071" + }, + { + "name": "39070", + "refsource": "OSVDB", + "url": "http://osvdb.org/39070" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6164.json b/2007/6xxx/CVE-2007-6164.json index aef76d614e5..88b76fed313 100644 --- a/2007/6xxx/CVE-2007-6164.json +++ b/2007/6xxx/CVE-2007-6164.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6164", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Eurologon CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) reviews.php, (2) links.php and (3) articles.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6164", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071127 Eurologon CMS Multiple SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/484275/100/0/threaded" - }, - { - "name" : "4665", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4665" - }, - { - "name" : "26599", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26599" - }, - { - "name" : "eurologoncms-id-sql-injection(38656)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38656" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Eurologon CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) reviews.php, (2) links.php and (3) articles.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4665", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4665" + }, + { + "name": "26599", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26599" + }, + { + "name": "20071127 Eurologon CMS Multiple SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/484275/100/0/threaded" + }, + { + "name": "eurologoncms-id-sql-injection(38656)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38656" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6357.json b/2007/6xxx/CVE-2007-6357.json index 49bd614ee3c..a38b19c8818 100644 --- a/2007/6xxx/CVE-2007-6357.json +++ b/2007/6xxx/CVE-2007-6357.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6357", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Microsoft Office Access allows remote, user-assisted attackers to execute arbitrary code via a crafted Microsoft Access Database (.mdb) file. NOTE: due to the lack of details as of 20071210, it is not clear whether this issue is the same as CVE-2007-6026 or CVE-2005-0944." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6357", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9052538&source=rss_topic17", - "refsource" : "MISC", - "url" : "http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9052538&source=rss_topic17" - }, - { - "name" : "http://www.informationweek.com/shared/printableArticle.jhtml?articleID=204802012", - "refsource" : "MISC", - "url" : "http://www.informationweek.com/shared/printableArticle.jhtml?articleID=204802012" - }, - { - "name" : "http://www.us-cert.gov/current/index.html#microsoft_access_database_file_attachment", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/current/index.html#microsoft_access_database_file_attachment" - }, - { - "name" : "44150", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/44150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Microsoft Office Access allows remote, user-assisted attackers to execute arbitrary code via a crafted Microsoft Access Database (.mdb) file. NOTE: due to the lack of details as of 20071210, it is not clear whether this issue is the same as CVE-2007-6026 or CVE-2005-0944." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44150", + "refsource": "OSVDB", + "url": "http://osvdb.org/44150" + }, + { + "name": "http://www.informationweek.com/shared/printableArticle.jhtml?articleID=204802012", + "refsource": "MISC", + "url": "http://www.informationweek.com/shared/printableArticle.jhtml?articleID=204802012" + }, + { + "name": "http://www.us-cert.gov/current/index.html#microsoft_access_database_file_attachment", + "refsource": "MISC", + "url": "http://www.us-cert.gov/current/index.html#microsoft_access_database_file_attachment" + }, + { + "name": "http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9052538&source=rss_topic17", + "refsource": "MISC", + "url": "http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9052538&source=rss_topic17" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1214.json b/2010/1xxx/CVE-2010-1214.json index 83f066cd63a..43a500cfb10 100644 --- a/2010/1xxx/CVE-2010-1214.json +++ b/2010/1xxx/CVE-2010-1214.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1214", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via plugin content with many parameter elements." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1214", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-37.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-37.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=572985", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=572985" - }, - { - "name" : "oval:org.mitre.oval:def:11685", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11685" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via plugin content with many parameter elements." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:11685", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11685" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=572985", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=572985" + }, + { + "name": "http://www.mozilla.org/security/announce/2010/mfsa2010-37.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-37.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1248.json b/2010/1xxx/CVE-2010-1248.json index d578b05ff1d..a26ac1c19cd 100644 --- a/2010/1xxx/CVE-2010-1248.json +++ b/2010/1xxx/CVE-2010-1248.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1248", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed HFPicture (0x866) record, aka \"Excel HFPicture Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-1248", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100608 VUPEN Security Research - Microsoft Office Excel HFPicture Buffer Overflow Vulnerability (CVE-2010-1248)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/511765/100/0/threaded" - }, - { - "name" : "MS10-038", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-038" - }, - { - "name" : "TA10-159B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-159B.html" - }, - { - "name" : "40526", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40526" - }, - { - "name" : "65235", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/65235" - }, - { - "name" : "oval:org.mitre.oval:def:7223", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7223" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed HFPicture (0x866) record, aka \"Excel HFPicture Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100608 VUPEN Security Research - Microsoft Office Excel HFPicture Buffer Overflow Vulnerability (CVE-2010-1248)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/511765/100/0/threaded" + }, + { + "name": "MS10-038", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-038" + }, + { + "name": "oval:org.mitre.oval:def:7223", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7223" + }, + { + "name": "40526", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40526" + }, + { + "name": "TA10-159B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html" + }, + { + "name": "65235", + "refsource": "OSVDB", + "url": "http://osvdb.org/65235" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1612.json b/2010/1xxx/CVE-2010-1612.json index 46f88076498..a6bd78ce7db 100644 --- a/2010/1xxx/CVE-2010-1612.json +++ b/2010/1xxx/CVE-2010-1612.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1612", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IBM WebSphere DataPower XML Accelerator XA35, Low Latency Appliance XM70, Integration Appliance XI50, B2B Appliance XB60, and XML Security Gateway XS40 SOA Appliances before 3.8.0.0, when a QLOGIC Ethernet interface is used, allow remote attackers to cause a denial of service (interface outage) via malformed ICMP packets to the 0.0.0.0 destination IP address." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1612", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100126 [IBM Datapower XS40] Denial of Service", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/509163/100/0/threaded" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg24024770", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg24024770" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg24024771", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg24024771" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg24024772", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg24024772" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg24024773", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg24024773" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg24024774", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg24024774" - }, - { - "name" : "IC61364", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC61364" - }, - { - "name" : "37952", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37952" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IBM WebSphere DataPower XML Accelerator XA35, Low Latency Appliance XM70, Integration Appliance XI50, B2B Appliance XB60, and XML Security Gateway XS40 SOA Appliances before 3.8.0.0, when a QLOGIC Ethernet interface is used, allow remote attackers to cause a denial of service (interface outage) via malformed ICMP packets to the 0.0.0.0 destination IP address." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37952", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37952" + }, + { + "name": "IC61364", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC61364" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg24024772", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24024772" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg24024773", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24024773" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg24024771", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24024771" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg24024774", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24024774" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg24024770", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24024770" + }, + { + "name": "20100126 [IBM Datapower XS40] Denial of Service", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/509163/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1793.json b/2010/1xxx/CVE-2010-1793.json index f1280155d1d..33f6df75f4e 100644 --- a/2010/1xxx/CVE-2010-1793.json +++ b/2010/1xxx/CVE-2010-1793.json @@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1793", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple use-after-free vulnerabilities in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a (1) font-face or (2) use element in an SVG document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-1793", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4276", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4276" - }, - { - "name" : "http://support.apple.com/kb/HT4334", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4334" - }, - { - "name" : "http://support.apple.com/kb/HT4456", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4456" - }, - { - "name" : "APPLE-SA-2010-07-28-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Jul/msg00001.html" - }, - { - "name" : "APPLE-SA-2010-09-08-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html" - }, - { - "name" : "APPLE-SA-2010-11-22-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" - }, - { - "name" : "MDVSA-2011:039", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" - }, - { - "name" : "RHSA-2011:0177", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0177.html" - }, - { - "name" : "SUSE-SR:2010:018", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "USN-1006-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1006-1" - }, - { - "name" : "42020", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/42020" - }, - { - "name" : "oval:org.mitre.oval:def:11923", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11923" - }, - { - "name" : "41856", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41856" - }, - { - "name" : "42314", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42314" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "43086", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43086" - }, - { - "name" : "ADV-2010-2722", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2722" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - }, - { - "name" : "ADV-2011-0216", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0216" - }, - { - "name" : "ADV-2011-0552", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0552" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple use-after-free vulnerabilities in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a (1) font-face or (2) use element in an SVG document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2011:039", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" + }, + { + "name": "ADV-2010-2722", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2722" + }, + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "APPLE-SA-2010-09-08-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html" + }, + { + "name": "http://support.apple.com/kb/HT4334", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4334" + }, + { + "name": "oval:org.mitre.oval:def:11923", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11923" + }, + { + "name": "http://support.apple.com/kb/HT4276", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4276" + }, + { + "name": "USN-1006-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1006-1" + }, + { + "name": "41856", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41856" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "APPLE-SA-2010-07-28-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Jul/msg00001.html" + }, + { + "name": "ADV-2011-0216", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0216" + }, + { + "name": "43086", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43086" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "42314", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42314" + }, + { + "name": "RHSA-2011:0177", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0177.html" + }, + { + "name": "ADV-2011-0552", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0552" + }, + { + "name": "42020", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/42020" + }, + { + "name": "http://support.apple.com/kb/HT4456", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4456" + }, + { + "name": "SUSE-SR:2010:018", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html" + }, + { + "name": "APPLE-SA-2010-11-22-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0719.json b/2014/0xxx/CVE-2014-0719.json index 477247faaf1..88f8cfdffd3 100644 --- a/2014/0xxx/CVE-2014-0719.json +++ b/2014/0xxx/CVE-2014-0719.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0719", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The control-plane access-list implementation in Cisco IPS Software before 7.1(8p2)E4 and 7.2 before 7.2(2)E4 allows remote attackers to cause a denial of service (MainApp process outage) via crafted packets to TCP port 7000, aka Bug ID CSCui67394." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-0719", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140219 Multiple Vulnerabilities in Cisco IPS Software", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-ips" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The control-plane access-list implementation in Cisco IPS Software before 7.1(8p2)E4 and 7.2 before 7.2(2)E4 allows remote attackers to cause a denial of service (MainApp process outage) via crafted packets to TCP port 7000, aka Bug ID CSCui67394." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140219 Multiple Vulnerabilities in Cisco IPS Software", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-ips" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1934.json b/2014/1xxx/CVE-2014-1934.json index 919f6313176..079d9f89b92 100644 --- a/2014/1xxx/CVE-2014-1934.json +++ b/2014/1xxx/CVE-2014-1934.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1934", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "tag.py in eyeD3 (aka python-eyed3) 7.0.3, 0.6.18, and earlier for Python allows local users to modify arbitrary files via a symlink attack on a temporary file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1934", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737062", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737062" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1063671", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1063671" - }, - { - "name" : "openSUSE-SU-2014:0619", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-05/msg00027.html" - }, - { - "name" : "openSUSE-SU-2014:0620", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-05/msg00028.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "tag.py in eyeD3 (aka python-eyed3) 7.0.3, 0.6.18, and earlier for Python allows local users to modify arbitrary files via a symlink attack on a temporary file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737062", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737062" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1063671", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1063671" + }, + { + "name": "openSUSE-SU-2014:0619", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00027.html" + }, + { + "name": "openSUSE-SU-2014:0620", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00028.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1977.json b/2014/1xxx/CVE-2014-1977.json index 8444999b5ff..93a059a8619 100644 --- a/2014/1xxx/CVE-2014-1977.json +++ b/2014/1xxx/CVE-2014-1977.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1977", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The NTT DOCOMO sp mode mail application 6300 and earlier for Android 4.0.x and 6700 and earlier for Android 4.1 through 4.4 uses weak permissions for attachments during processing of incoming e-mail messages, which allows attackers to obtain sensitive information via a crafted application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2014-1977", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#81739241", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN81739241/index.html" - }, - { - "name" : "JVNDB-2014-000027", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000027" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The NTT DOCOMO sp mode mail application 6300 and earlier for Android 4.0.x and 6700 and earlier for Android 4.1 through 4.4 uses weak permissions for attachments during processing of incoming e-mail messages, which allows attackers to obtain sensitive information via a crafted application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2014-000027", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000027" + }, + { + "name": "JVN#81739241", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN81739241/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2176.json b/2015/2xxx/CVE-2015-2176.json index 7c78e3e0b09..17ce0913802 100644 --- a/2015/2xxx/CVE-2015-2176.json +++ b/2015/2xxx/CVE-2015-2176.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2176", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2176", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2811.json b/2015/2xxx/CVE-2015-2811.json index a00da134ba8..8091ca94b64 100644 --- a/2015/2xxx/CVE-2015-2811.json +++ b/2015/2xxx/CVE-2015-2811.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2811", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XML external entity (XXE) vulnerability in ReportXmlViewer in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2111939." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2811", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150625 [ERPSCAN-15-006] SAP NetWeaver Portal ReportXmlViewer - XXE", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/535827/100/800/threaded" - }, - { - "name" : "20150623 ERPSCAN Research Advisory [ERPSCAN-15-006] SAP NetWeaver Portal ReportXmlViewer - XXE", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Jun/64" - }, - { - "name" : "https://erpscan.io/advisories/erpscan-15-006-sap-netweaver-portal-reportxmlviewer-xxe/", - "refsource" : "MISC", - "url" : "https://erpscan.io/advisories/erpscan-15-006-sap-netweaver-portal-reportxmlviewer-xxe/" - }, - { - "name" : "http://packetstormsecurity.com/files/132358/SAP-NetWeaver-Portal-7.31-XXE-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/132358/SAP-NetWeaver-Portal-7.31-XXE-Injection.html" - }, - { - "name" : "73691", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73691" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XML external entity (XXE) vulnerability in ReportXmlViewer in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2111939." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150623 ERPSCAN Research Advisory [ERPSCAN-15-006] SAP NetWeaver Portal ReportXmlViewer - XXE", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Jun/64" + }, + { + "name": "20150625 [ERPSCAN-15-006] SAP NetWeaver Portal ReportXmlViewer - XXE", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/535827/100/800/threaded" + }, + { + "name": "http://packetstormsecurity.com/files/132358/SAP-NetWeaver-Portal-7.31-XXE-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/132358/SAP-NetWeaver-Portal-7.31-XXE-Injection.html" + }, + { + "name": "73691", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73691" + }, + { + "name": "https://erpscan.io/advisories/erpscan-15-006-sap-netweaver-portal-reportxmlviewer-xxe/", + "refsource": "MISC", + "url": "https://erpscan.io/advisories/erpscan-15-006-sap-netweaver-portal-reportxmlviewer-xxe/" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0912.json b/2016/0xxx/CVE-2016-0912.json index 740456edece..8255c9b7eee 100644 --- a/2016/0xxx/CVE-2016-0912.json +++ b/2016/0xxx/CVE-2016-0912.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "ID" : "CVE-2016-0912", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EMC Data Domain OS 5.4 through 5.7 before 5.7.2.0 allows remote authenticated users to bypass intended password-change restrictions by leveraging access to (1) a different account with the same role as a target account or (2) an account's session at an unattended workstation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2016-0912", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160610 ESA-2016-062: EMC Data Domain Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2016/Jun/50" - }, - { - "name" : "1036079", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036079" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EMC Data Domain OS 5.4 through 5.7 before 5.7.2.0 allows remote authenticated users to bypass intended password-change restrictions by leveraging access to (1) a different account with the same role as a target account or (2) an account's session at an unattended workstation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036079", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036079" + }, + { + "name": "20160610 ESA-2016-062: EMC Data Domain Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2016/Jun/50" + } + ] + } +} \ No newline at end of file diff --git a/2016/1000xxx/CVE-2016-1000142.json b/2016/1000xxx/CVE-2016-1000142.json index 37d97d41d47..4fbbf15b3c0 100644 --- a/2016/1000xxx/CVE-2016-1000142.json +++ b/2016/1000xxx/CVE-2016-1000142.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1000142", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Reflected XSS in wordpress plugin parsi-font v4.2.5" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-1000142", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.vapidlabs.com/wp/wp_advisory.php?v=435", - "refsource" : "MISC", - "url" : "http://www.vapidlabs.com/wp/wp_advisory.php?v=435" - }, - { - "name" : "https://wordpress.org/plugins/parsi-font", - "refsource" : "MISC", - "url" : "https://wordpress.org/plugins/parsi-font" - }, - { - "name" : "93802", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93802" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Reflected XSS in wordpress plugin parsi-font v4.2.5" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wordpress.org/plugins/parsi-font", + "refsource": "MISC", + "url": "https://wordpress.org/plugins/parsi-font" + }, + { + "name": "http://www.vapidlabs.com/wp/wp_advisory.php?v=435", + "refsource": "MISC", + "url": "http://www.vapidlabs.com/wp/wp_advisory.php?v=435" + }, + { + "name": "93802", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93802" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10513.json b/2016/10xxx/CVE-2016-10513.json index b3f4520b8a1..fb632dda12c 100644 --- a/2016/10xxx/CVE-2016-10513.json +++ b/2016/10xxx/CVE-2016-10513.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10513", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting (XSS) exists in Piwigo before 2.8.3 via a crafted search expression to include/functions_search.inc.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10513", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://piwigo.org/releases/2.8.3", - "refsource" : "CONFIRM", - "url" : "http://piwigo.org/releases/2.8.3" - }, - { - "name" : "https://github.com/Piwigo/Piwigo/commit/9a93d1f44b06605af84520509e7a0e8b64ab0c05", - "refsource" : "CONFIRM", - "url" : "https://github.com/Piwigo/Piwigo/commit/9a93d1f44b06605af84520509e7a0e8b64ab0c05" - }, - { - "name" : "https://github.com/Piwigo/Piwigo/issues/548", - "refsource" : "CONFIRM", - "url" : "https://github.com/Piwigo/Piwigo/issues/548" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross Site Scripting (XSS) exists in Piwigo before 2.8.3 via a crafted search expression to include/functions_search.inc.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Piwigo/Piwigo/issues/548", + "refsource": "CONFIRM", + "url": "https://github.com/Piwigo/Piwigo/issues/548" + }, + { + "name": "https://github.com/Piwigo/Piwigo/commit/9a93d1f44b06605af84520509e7a0e8b64ab0c05", + "refsource": "CONFIRM", + "url": "https://github.com/Piwigo/Piwigo/commit/9a93d1f44b06605af84520509e7a0e8b64ab0c05" + }, + { + "name": "http://piwigo.org/releases/2.8.3", + "refsource": "CONFIRM", + "url": "http://piwigo.org/releases/2.8.3" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10540.json b/2016/10xxx/CVE-2016-10540.json index e1c1e699274..da1b17efe40 100644 --- a/2016/10xxx/CVE-2016-10540.json +++ b/2016/10xxx/CVE-2016-10540.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2016-10540", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "minimatch node module", - "version" : { - "version_data" : [ - { - "version_value" : "<=3.0.1" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript `RegExp` objects. The primary function, `minimatch(path, pattern)` in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in the `pattern` parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service (CWE-400)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2016-10540", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "minimatch node module", + "version": { + "version_data": [ + { + "version_value": "<=3.0.1" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nodesecurity.io/advisories/118", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/118" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript `RegExp` objects. The primary function, `minimatch(path, pattern)` in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in the `pattern` parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service (CWE-400)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/118", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/118" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4262.json b/2016/4xxx/CVE-2016-4262.json index e96301b3c5f..36582d62ce8 100644 --- a/2016/4xxx/CVE-2016-4262.json +++ b/2016/4xxx/CVE-2016-4262.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4262", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4256, CVE-2016-4257, CVE-2016-4258, CVE-2016-4259, CVE-2016-4260, and CVE-2016-4261." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-4262", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/Digital-Editions/apsb16-28.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/Digital-Editions/apsb16-28.html" - }, - { - "name" : "92928", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92928" - }, - { - "name" : "1036793", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036793" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4256, CVE-2016-4257, CVE-2016-4258, CVE-2016-4259, CVE-2016-4260, and CVE-2016-4261." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036793", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036793" + }, + { + "name": "https://helpx.adobe.com/security/products/Digital-Editions/apsb16-28.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/Digital-Editions/apsb16-28.html" + }, + { + "name": "92928", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92928" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4437.json b/2016/4xxx/CVE-2016-4437.json index 74e032b51ec..98b168071f6 100644 --- a/2016/4xxx/CVE-2016-4437.json +++ b/2016/4xxx/CVE-2016-4437.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4437", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache Shiro before 1.2.5, when a cipher key has not been configured for the \"remember me\" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-4437", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160603 [Announce] CVE-2016-4437: Apache Shiro information disclosure vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/538570/100/0/threaded" - }, - { - "name" : "[announcements@aurora.apache.org] 20171101 Apache Aurora information disclosure vulnerability", - "refsource" : "MLIST", - "url" : "https://lists.apache.org/thread.html/ef3a800c7d727a00e04b78e2f06c5cd8960f09ca28c9b69d94c3c4c4@%3Cannouncements.aurora.apache.org%3E" - }, - { - "name" : "http://packetstormsecurity.com/files/137310/Apache-Shiro-1.2.4-Information-Disclosure.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/137310/Apache-Shiro-1.2.4-Information-Disclosure.html" - }, - { - "name" : "RHSA-2016:2035", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2035.html" - }, - { - "name" : "RHSA-2016:2036", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2036.html" - }, - { - "name" : "91024", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91024" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache Shiro before 1.2.5, when a cipher key has not been configured for the \"remember me\" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2016:2035", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2035.html" + }, + { + "name": "[announcements@aurora.apache.org] 20171101 Apache Aurora information disclosure vulnerability", + "refsource": "MLIST", + "url": "https://lists.apache.org/thread.html/ef3a800c7d727a00e04b78e2f06c5cd8960f09ca28c9b69d94c3c4c4@%3Cannouncements.aurora.apache.org%3E" + }, + { + "name": "http://packetstormsecurity.com/files/137310/Apache-Shiro-1.2.4-Information-Disclosure.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/137310/Apache-Shiro-1.2.4-Information-Disclosure.html" + }, + { + "name": "RHSA-2016:2036", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2036.html" + }, + { + "name": "91024", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91024" + }, + { + "name": "20160603 [Announce] CVE-2016-4437: Apache Shiro information disclosure vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/538570/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4494.json b/2016/4xxx/CVE-2016-4494.json index 92d5f01ccc4..0adc95b11aa 100644 --- a/2016/4xxx/CVE-2016-4494.json +++ b/2016/4xxx/CVE-2016-4494.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4494", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability on KMC Controls BAC-5051E devices with firmware before E0.2.0.2 allows remote attackers to hijack the authentication of unspecified victims for requests that disclose the contents of a configuration file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2016-4494", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-126-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-126-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability on KMC Controls BAC-5051E devices with firmware before E0.2.0.2 allows remote attackers to hijack the authentication of unspecified victims for requests that disclose the contents of a configuration file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-126-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-126-01" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4679.json b/2016/4xxx/CVE-2016-4679.json index 5a0d7bd848e..187b787026d 100644 --- a/2016/4xxx/CVE-2016-4679.json +++ b/2016/4xxx/CVE-2016-4679.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2016-4679", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the \"libarchive\" component, which allows remote attackers to write to arbitrary files via a crafted archive containing a symlink." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-4679", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207269", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207269" - }, - { - "name" : "https://support.apple.com/HT207270", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207270" - }, - { - "name" : "https://support.apple.com/HT207271", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207271" - }, - { - "name" : "https://support.apple.com/HT207275", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207275" - }, - { - "name" : "93849", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93849" - }, - { - "name" : "1037086", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037086" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the \"libarchive\" component, which allows remote attackers to write to arbitrary files via a crafted archive containing a symlink." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT207271", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207271" + }, + { + "name": "1037086", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037086" + }, + { + "name": "93849", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93849" + }, + { + "name": "https://support.apple.com/HT207269", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207269" + }, + { + "name": "https://support.apple.com/HT207270", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207270" + }, + { + "name": "https://support.apple.com/HT207275", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207275" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4766.json b/2016/4xxx/CVE-2016-4766.json index 7538a55af76..2cead7292e8 100644 --- a/2016/4xxx/CVE-2016-4766.json +++ b/2016/4xxx/CVE-2016-4766.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2016-4766", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4767, and CVE-2016-4768." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-4766", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207142", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207142" - }, - { - "name" : "https://support.apple.com/HT207143", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207143" - }, - { - "name" : "https://support.apple.com/HT207157", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207157" - }, - { - "name" : "https://support.apple.com/HT207158", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207158" - }, - { - "name" : "APPLE-SA-2016-09-20-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html" - }, - { - "name" : "APPLE-SA-2016-09-20-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html" - }, - { - "name" : "APPLE-SA-2016-09-20-6", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html" - }, - { - "name" : "APPLE-SA-2016-09-20-7", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/Sep/msg00012.html" - }, - { - "name" : "93067", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93067" - }, - { - "name" : "1036854", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036854" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4767, and CVE-2016-4768." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2016-09-20-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html" + }, + { + "name": "https://support.apple.com/HT207157", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207157" + }, + { + "name": "https://support.apple.com/HT207158", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207158" + }, + { + "name": "93067", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93067" + }, + { + "name": "APPLE-SA-2016-09-20-6", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html" + }, + { + "name": "1036854", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036854" + }, + { + "name": "https://support.apple.com/HT207142", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207142" + }, + { + "name": "https://support.apple.com/HT207143", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207143" + }, + { + "name": "APPLE-SA-2016-09-20-7", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00012.html" + }, + { + "name": "APPLE-SA-2016-09-20-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8501.json b/2016/8xxx/CVE-2016-8501.json index 8b012e634cc..90f840f4bcd 100644 --- a/2016/8xxx/CVE-2016-8501.json +++ b/2016/8xxx/CVE-2016-8501.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "browser-security@yandex-team.ru", - "ID" : "CVE-2016-8501", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Yandex Browser for desktop Versions from 15.10 to 15.12", - "version" : { - "version_data" : [ - { - "version_value" : "Yandex Browser for desktop Versions from 15.10 to 15.12" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Security WiFi bypass in Yandex Browser from version 15.10 to 15.12 allows remote attacker to sniff traffic in open or WEP-protected wi-fi networks despite of special security mechanism is enabled." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Security WiFi bypass" - } + "CVE_data_meta": { + "ASSIGNER": "browser-security@yandex-team.ru", + "ID": "CVE-2016-8501", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Yandex Browser for desktop Versions from 15.10 to 15.12", + "version": { + "version_data": [ + { + "version_value": "Yandex Browser for desktop Versions from 15.10 to 15.12" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://browser.yandex.com/security/changelogs/", - "refsource" : "CONFIRM", - "url" : "https://browser.yandex.com/security/changelogs/" - }, - { - "name" : "93920", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93920" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Security WiFi bypass in Yandex Browser from version 15.10 to 15.12 allows remote attacker to sniff traffic in open or WEP-protected wi-fi networks despite of special security mechanism is enabled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security WiFi bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93920", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93920" + }, + { + "name": "https://browser.yandex.com/security/changelogs/", + "refsource": "CONFIRM", + "url": "https://browser.yandex.com/security/changelogs/" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8662.json b/2016/8xxx/CVE-2016-8662.json index 49ab1014430..b03bc428f54 100644 --- a/2016/8xxx/CVE-2016-8662.json +++ b/2016/8xxx/CVE-2016-8662.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8662", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-8662", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8721.json b/2016/8xxx/CVE-2016-8721.json index c102d2e340b..9bd941749c2 100644 --- a/2016/8xxx/CVE-2016-8721.json +++ b/2016/8xxx/CVE-2016-8721.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "ID" : "CVE-2016-8721", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Moxa AWK-3131A WAP", - "version" : { - "version_data" : [ - { - "version_value" : "1.1 Build 15122211" - } - ] - } - } - ] - }, - "vendor_name" : "Moxa" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable OS Command Injection vulnerability exists in the web application 'ping' functionality of Moxa AWK-3131A Wireless Access Points running firmware 1.1. Specially crafted web form input can cause an OS Command Injection resulting in complete compromise of the vulnerable device. An attacker can exploit this vulnerability remotely." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "ID": "CVE-2016-8721", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Moxa AWK-3131A WAP", + "version": { + "version_data": [ + { + "version_value": "1.1 Build 15122211" + } + ] + } + } + ] + }, + "vendor_name": "Moxa" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.talosintelligence.com/reports/TALOS-2016-0235/", - "refsource" : "MISC", - "url" : "http://www.talosintelligence.com/reports/TALOS-2016-0235/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable OS Command Injection vulnerability exists in the web application 'ping' functionality of Moxa AWK-3131A Wireless Access Points running firmware 1.1. Specially crafted web form input can cause an OS Command Injection resulting in complete compromise of the vulnerable device. An attacker can exploit this vulnerability remotely." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.talosintelligence.com/reports/TALOS-2016-0235/", + "refsource": "MISC", + "url": "http://www.talosintelligence.com/reports/TALOS-2016-0235/" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9053.json b/2016/9xxx/CVE-2016-9053.json index 01fc24ea385..a93206da057 100644 --- a/2016/9xxx/CVE-2016-9053.json +++ b/2016/9xxx/CVE-2016-9053.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "ID" : "CVE-2016-9053", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Database Server", - "version" : { - "version_data" : [ - { - "version_value" : "3.10.0.3" - } - ] - } - } - ] - }, - "vendor_name" : "Aerospike" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable out-of-bounds indexing vulnerability exists within the RW fabric message particle type of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server to fetch a function table outside the bounds of an array resulting in remote code execution. An attacker can simply connect to the port to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "ID": "CVE-2016-9053", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Database Server", + "version": { + "version_data": [ + { + "version_value": "3.10.0.3" + } + ] + } + } + ] + }, + "vendor_name": "Aerospike" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.talosintelligence.com/reports/TALOS-2016-0267/", - "refsource" : "MISC", - "url" : "http://www.talosintelligence.com/reports/TALOS-2016-0267/" - }, - { - "name" : "96372", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96372" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable out-of-bounds indexing vulnerability exists within the RW fabric message particle type of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server to fetch a function table outside the bounds of an array resulting in remote code execution. An attacker can simply connect to the port to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.talosintelligence.com/reports/TALOS-2016-0267/", + "refsource": "MISC", + "url": "http://www.talosintelligence.com/reports/TALOS-2016-0267/" + }, + { + "name": "96372", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96372" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9529.json b/2016/9xxx/CVE-2016-9529.json index 360cc8ef52d..08aa6bf1ccb 100644 --- a/2016/9xxx/CVE-2016-9529.json +++ b/2016/9xxx/CVE-2016-9529.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9529", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-9529", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9742.json b/2016/9xxx/CVE-2016-9742.json index b7662565328..8361be067ed 100644 --- a/2016/9xxx/CVE-2016-9742.json +++ b/2016/9xxx/CVE-2016-9742.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9742", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9742", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9743.json b/2016/9xxx/CVE-2016-9743.json index 4b092b2e335..517cf47e3c9 100644 --- a/2016/9xxx/CVE-2016-9743.json +++ b/2016/9xxx/CVE-2016-9743.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9743", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9743", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9757.json b/2016/9xxx/CVE-2016-9757.json index fd76a724dad..aaaea849b89 100644 --- a/2016/9xxx/CVE-2016-9757.json +++ b/2016/9xxx/CVE-2016-9757.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@rapid7.com", - "ID" : "CVE-2016-9757", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Nexpose", - "version" : { - "version_data" : [ - { - "version_value" : "6.4.12" - } - ] - } - } - ] - }, - "vendor_name" : "Rapid7" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In the Create Tags page of the Rapid7 Nexpose version 6.4.12 user interface, any authenticated user who has the capability to create tags can inject cross-site scripting (XSS) elements in the tag name field. Once this tag is viewed in the Tag Detail page of the Rapid7 Nexpose 6.4.12 UI by another authenticated user, the script is run in that user's browser context." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Persistent XSS" - } + "CVE_data_meta": { + "ASSIGNER": "cve@rapid7.com", + "ID": "CVE-2016-9757", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Nexpose", + "version": { + "version_data": [ + { + "version_value": "6.4.12" + } + ] + } + } + ] + }, + "vendor_name": "Rapid7" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://help.rapid7.com/nexpose/en-us/release-notes/#6.4.13", - "refsource" : "CONFIRM", - "url" : "https://help.rapid7.com/nexpose/en-us/release-notes/#6.4.13" - }, - { - "name" : "94996", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94996" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the Create Tags page of the Rapid7 Nexpose version 6.4.12 user interface, any authenticated user who has the capability to create tags can inject cross-site scripting (XSS) elements in the tag name field. Once this tag is viewed in the Tag Detail page of the Rapid7 Nexpose 6.4.12 UI by another authenticated user, the script is run in that user's browser context." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Persistent XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://help.rapid7.com/nexpose/en-us/release-notes/#6.4.13", + "refsource": "CONFIRM", + "url": "https://help.rapid7.com/nexpose/en-us/release-notes/#6.4.13" + }, + { + "name": "94996", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94996" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9873.json b/2016/9xxx/CVE-2016-9873.json index 1768f72b521..b0318cfa4e7 100644 --- a/2016/9xxx/CVE-2016-9873.json +++ b/2016/9xxx/CVE-2016-9873.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "ID" : "CVE-2016-9873", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "EMC Documentum D2 EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6", - "version" : { - "version_data" : [ - { - "version_value" : "EMC Documentum D2 EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has a DQL Injection Vulnerability that could potentially be exploited by malicious users to compromise the affected system. An authenticated low-privileged attacker could potentially exploit this vulnerability to access information, modify data or disrupt services by causing execution of arbitrary DQL commands on the application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "DQL Injection Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2016-9873", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EMC Documentum D2 EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6", + "version": { + "version_data": [ + { + "version_value": "EMC Documentum D2 EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securityfocus.com/archive/1/540060/30/0/threaded", - "refsource" : "CONFIRM", - "url" : "http://www.securityfocus.com/archive/1/540060/30/0/threaded" - }, - { - "name" : "95828", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95828" - }, - { - "name" : "1037733", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037733" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has a DQL Injection Vulnerability that could potentially be exploited by malicious users to compromise the affected system. An authenticated low-privileged attacker could potentially exploit this vulnerability to access information, modify data or disrupt services by causing execution of arbitrary DQL commands on the application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DQL Injection Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95828", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95828" + }, + { + "name": "http://www.securityfocus.com/archive/1/540060/30/0/threaded", + "refsource": "CONFIRM", + "url": "http://www.securityfocus.com/archive/1/540060/30/0/threaded" + }, + { + "name": "1037733", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037733" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2125.json b/2019/2xxx/CVE-2019-2125.json index 89daf4dae03..6101d9a6e50 100644 --- a/2019/2xxx/CVE-2019-2125.json +++ b/2019/2xxx/CVE-2019-2125.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2125", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2125", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2375.json b/2019/2xxx/CVE-2019-2375.json index 5a2798f1d98..3f5221acb94 100644 --- a/2019/2xxx/CVE-2019-2375.json +++ b/2019/2xxx/CVE-2019-2375.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2375", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2375", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2654.json b/2019/2xxx/CVE-2019-2654.json index 8973287ff48..a541cfacc20 100644 --- a/2019/2xxx/CVE-2019-2654.json +++ b/2019/2xxx/CVE-2019-2654.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2654", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2654", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2706.json b/2019/2xxx/CVE-2019-2706.json index c9f3919fb81..3f1114ce353 100644 --- a/2019/2xxx/CVE-2019-2706.json +++ b/2019/2xxx/CVE-2019-2706.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2706", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2706", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2977.json b/2019/2xxx/CVE-2019-2977.json index cc8c96a126c..5780da74cc6 100644 --- a/2019/2xxx/CVE-2019-2977.json +++ b/2019/2xxx/CVE-2019-2977.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2977", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2977", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3728.json b/2019/3xxx/CVE-2019-3728.json index e79fdabd765..6f95e248db4 100644 --- a/2019/3xxx/CVE-2019-3728.json +++ b/2019/3xxx/CVE-2019-3728.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3728", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3728", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3737.json b/2019/3xxx/CVE-2019-3737.json index 28210ce55d4..d505cbc4589 100644 --- a/2019/3xxx/CVE-2019-3737.json +++ b/2019/3xxx/CVE-2019-3737.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3737", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3737", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3777.json b/2019/3xxx/CVE-2019-3777.json index d1f73efece9..ced15073509 100644 --- a/2019/3xxx/CVE-2019-3777.json +++ b/2019/3xxx/CVE-2019-3777.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@dell.com", - "DATE_PUBLIC" : "2019-02-26T23:47:49.000Z", - "ID" : "CVE-2019-3777", - "STATE" : "PUBLIC", - "TITLE" : "Apps Manager unverified SSL certs in Cloud Controller proxy" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apps Manager", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_name" : "666", - "version_value" : "666.0.19" - }, - { - "affected" : "<", - "version_name" : "665", - "version_value" : "665.0.26" - }, - { - "affected" : "<", - "version_name" : "667", - "version_value" : "667.0.5" - } - ] - } - }, - { - "product_name" : "Pivotal Application Service", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_name" : "2.4", - "version_value" : "2.4.3" - }, - { - "affected" : "<", - "version_name" : "2.3", - "version_value" : "2.3.7" - }, - { - "affected" : "<", - "version_name" : "2.2", - "version_value" : "2.2.12" - } - ] - } - } - ] - }, - "vendor_name" : "Pivotal" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Pivotal Application Service (PAS), versions 2.2.x prior to 2.2.12, 2.3.x prior to 2.3.7 and 2.4.x prior to 2.4.3, contain apps manager that uses a cloud controller proxy that fails to verify SSL certs. A remote unauthenticated attacker that could hijack the Cloud Controller's DNS record could intercept access tokens sent to the Cloud Controller, giving the attacker access to the user's resources in the Cloud Controller" - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "HIGH", - "attackVector" : "NETWORK", - "availabilityImpact" : "NONE", - "baseScore" : 8, - "baseSeverity" : "HIGH", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "HIGH", - "privilegesRequired" : "NONE", - "scope" : "CHANGED", - "userInteraction" : "REQUIRED", - "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-295: Improper Certificate Validation" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "DATE_PUBLIC": "2019-02-26T23:47:49.000Z", + "ID": "CVE-2019-3777", + "STATE": "PUBLIC", + "TITLE": "Apps Manager unverified SSL certs in Cloud Controller proxy" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apps Manager", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "666", + "version_value": "666.0.19" + }, + { + "affected": "<", + "version_name": "665", + "version_value": "665.0.26" + }, + { + "affected": "<", + "version_name": "667", + "version_value": "667.0.5" + } + ] + } + }, + { + "product_name": "Pivotal Application Service", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "2.4", + "version_value": "2.4.3" + }, + { + "affected": "<", + "version_name": "2.3", + "version_value": "2.3.7" + }, + { + "affected": "<", + "version_name": "2.2", + "version_value": "2.2.12" + } + ] + } + } + ] + }, + "vendor_name": "Pivotal" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://pivotal.io/security/cve-2019-3777", - "refsource" : "CONFIRM", - "url" : "https://pivotal.io/security/cve-2019-3777" - }, - { - "name" : "107214", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/107214" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Pivotal Application Service (PAS), versions 2.2.x prior to 2.2.12, 2.3.x prior to 2.3.7 and 2.4.x prior to 2.4.3, contain apps manager that uses a cloud controller proxy that fails to verify SSL certs. A remote unauthenticated attacker that could hijack the Cloud Controller's DNS record could intercept access tokens sent to the Cloud Controller, giving the attacker access to the user's resources in the Cloud Controller" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-295: Improper Certificate Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "107214", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/107214" + }, + { + "name": "https://pivotal.io/security/cve-2019-3777", + "refsource": "CONFIRM", + "url": "https://pivotal.io/security/cve-2019-3777" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3785.json b/2019/3xxx/CVE-2019-3785.json index ccfbe3826f8..fc7562011a7 100644 --- a/2019/3xxx/CVE-2019-3785.json +++ b/2019/3xxx/CVE-2019-3785.json @@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@dell.com", - "DATE_PUBLIC" : "2019-03-12T00:00:00.000Z", - "ID" : "CVE-2019-3785", - "STATE" : "PUBLIC", - "TITLE" : "Cloud Controller provides signed URL with write authorization to read only user" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "CAPI", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_name" : "All", - "version_value" : "1.78.0" - } - ] - } - } - ] - }, - "vendor_name" : "Cloud Foundry" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cloud Foundry Cloud Controller, versions prior to 1.78.0, contain an endpoint with improper authorization. A remote authenticated malicious user with read permissions can request package information and receive a signed bit-service url that grants the user write permissions to the bit-service." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "HIGH", - "baseScore" : 6.5, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "NONE", - "integrityImpact" : "HIGH", - "privilegesRequired" : "HIGH", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-285: Improper Authorization" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "DATE_PUBLIC": "2019-03-12T00:00:00.000Z", + "ID": "CVE-2019-3785", + "STATE": "PUBLIC", + "TITLE": "Cloud Controller provides signed URL with write authorization to read only user" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "CAPI", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "All", + "version_value": "1.78.0" + } + ] + } + } + ] + }, + "vendor_name": "Cloud Foundry" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.cloudfoundry.org/blog/cve-2019-3785", - "refsource" : "CONFIRM", - "url" : "https://www.cloudfoundry.org/blog/cve-2019-3785" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cloud Foundry Cloud Controller, versions prior to 1.78.0, contain an endpoint with improper authorization. A remote authenticated malicious user with read permissions can request package information and receive a signed bit-service url that grants the user write permissions to the bit-service." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285: Improper Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.cloudfoundry.org/blog/cve-2019-3785", + "refsource": "CONFIRM", + "url": "https://www.cloudfoundry.org/blog/cve-2019-3785" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6153.json b/2019/6xxx/CVE-2019-6153.json index 5755c249026..f82617c5ec3 100644 --- a/2019/6xxx/CVE-2019-6153.json +++ b/2019/6xxx/CVE-2019-6153.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6153", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6153", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6452.json b/2019/6xxx/CVE-2019-6452.json index 1bc2fc55592..50c533befa3 100644 --- a/2019/6xxx/CVE-2019-6452.json +++ b/2019/6xxx/CVE-2019-6452.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6452", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6452", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6908.json b/2019/6xxx/CVE-2019-6908.json index e98a86ea537..1995bc05113 100644 --- a/2019/6xxx/CVE-2019-6908.json +++ b/2019/6xxx/CVE-2019-6908.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6908", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6908", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6951.json b/2019/6xxx/CVE-2019-6951.json index 4dfb8bc7c14..2471ed4626c 100644 --- a/2019/6xxx/CVE-2019-6951.json +++ b/2019/6xxx/CVE-2019-6951.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6951", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6951", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7106.json b/2019/7xxx/CVE-2019-7106.json index f445ca81fde..1cd34e529ea 100644 --- a/2019/7xxx/CVE-2019-7106.json +++ b/2019/7xxx/CVE-2019-7106.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7106", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7106", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7339.json b/2019/7xxx/CVE-2019-7339.json index 3abd0e1bdc1..19053146219 100644 --- a/2019/7xxx/CVE-2019-7339.json +++ b/2019/7xxx/CVE-2019-7339.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7339", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'level' parameter value in the view log (log.php) because proper filtration is omitted." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7339", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ZoneMinder/zoneminder/issues/2460", - "refsource" : "MISC", - "url" : "https://github.com/ZoneMinder/zoneminder/issues/2460" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'level' parameter value in the view log (log.php) because proper filtration is omitted." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ZoneMinder/zoneminder/issues/2460", + "refsource": "MISC", + "url": "https://github.com/ZoneMinder/zoneminder/issues/2460" + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7554.json b/2019/7xxx/CVE-2019-7554.json index a6095c539ce..937b3094189 100644 --- a/2019/7xxx/CVE-2019-7554.json +++ b/2019/7xxx/CVE-2019-7554.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7554", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7554", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7818.json b/2019/7xxx/CVE-2019-7818.json index f8d0e61e341..1ca15a27e1b 100644 --- a/2019/7xxx/CVE-2019-7818.json +++ b/2019/7xxx/CVE-2019-7818.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7818", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7818", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file