diff --git a/2007/0xxx/CVE-2007-0079.json b/2007/0xxx/CVE-2007-0079.json index b16d6ebdac9..c616cf8bae6 100644 --- a/2007/0xxx/CVE-2007-0079.json +++ b/2007/0xxx/CVE-2007-0079.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0079", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "rblog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) data/admin.mdb or (2) data/rblog.mdb." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0079", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070101 rblog Database Download Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/455626/100/0/threaded" - }, - { - "name" : "http://www.aria-security.com/forum/showthread.php?t=77", - "refsource" : "MISC", - "url" : "http://www.aria-security.com/forum/showthread.php?t=77" - }, - { - "name" : "32572", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/32572" - }, - { - "name" : "23538", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23538" - }, - { - "name" : "2102", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2102" - }, - { - "name" : "rblog-database-info-disclosure(31200)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31200" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "rblog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) data/admin.mdb or (2) data/rblog.mdb." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32572", + "refsource": "OSVDB", + "url": "http://osvdb.org/32572" + }, + { + "name": "2102", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2102" + }, + { + "name": "rblog-database-info-disclosure(31200)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31200" + }, + { + "name": "23538", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23538" + }, + { + "name": "http://www.aria-security.com/forum/showthread.php?t=77", + "refsource": "MISC", + "url": "http://www.aria-security.com/forum/showthread.php?t=77" + }, + { + "name": "20070101 rblog Database Download Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/455626/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0269.json b/2007/0xxx/CVE-2007-0269.json index dd313596b8d..c2d8c4902f4 100644 --- a/2007/0xxx/CVE-2007-0269.json +++ b/2007/0xxx/CVE-2007-0269.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0269", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and attack vectors related to the Change Data Capture and sys.dbms_cdc_subscribe privileges, aka DB02." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0269", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html" - }, - { - "name" : "TA07-017A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-017A.html" - }, - { - "name" : "22083", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22083" - }, - { - "name" : "32908", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/32908" - }, - { - "name" : "1017522", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017522" - }, - { - "name" : "23794", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23794" - }, - { - "name" : "oracle-cpu-jan2007(31541)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31541" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and attack vectors related to the Change Data Capture and sys.dbms_cdc_subscribe privileges, aka DB02." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23794", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23794" + }, + { + "name": "22083", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22083" + }, + { + "name": "32908", + "refsource": "OSVDB", + "url": "http://osvdb.org/32908" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html" + }, + { + "name": "TA07-017A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-017A.html" + }, + { + "name": "oracle-cpu-jan2007(31541)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31541" + }, + { + "name": "1017522", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017522" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0342.json b/2007/0xxx/CVE-2007-0342.json index 3f098801be7..0a6a5e26130 100644 --- a/2007/0xxx/CVE-2007-0342.json +++ b/2007/0xxx/CVE-2007-0342.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0342", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as demonstrated by a crash of OmniWeb 5.5.3 on Mac OS X 10.4.8, a different vulnerability than CVE-2006-2019." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0342", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://security-protocols.com/sp-x41-advisory.php", - "refsource" : "MISC", - "url" : "http://security-protocols.com/sp-x41-advisory.php" - }, - { - "name" : "22059", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22059" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as demonstrated by a crash of OmniWeb 5.5.3 on Mac OS X 10.4.8, a different vulnerability than CVE-2006-2019." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22059", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22059" + }, + { + "name": "http://security-protocols.com/sp-x41-advisory.php", + "refsource": "MISC", + "url": "http://security-protocols.com/sp-x41-advisory.php" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0693.json b/2007/0xxx/CVE-2007-0693.json index 9800ad130f3..2a9ee01703d 100644 --- a/2007/0xxx/CVE-2007-0693.json +++ b/2007/0xxx/CVE-2007-0693.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0693", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in news.php in DGNews 2.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a newslist action. NOTE: this issue can produce resultant cross-site scripting (XSS)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0693", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070528 DGNews version 2.1 SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/469828/100/0/threaded" - }, - { - "name" : "http://www.netvigilance.com/advisory0022", - "refsource" : "MISC", - "url" : "http://www.netvigilance.com/advisory0022" - }, - { - "name" : "24201", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24201" - }, - { - "name" : "ADV-2007-1981", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1981" - }, - { - "name" : "34227", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/34227" - }, - { - "name" : "25438", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25438" - }, - { - "name" : "2740", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2740" - }, - { - "name" : "dgnews-news-sql-injection(34539)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34539" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in news.php in DGNews 2.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a newslist action. NOTE: this issue can produce resultant cross-site scripting (XSS)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25438", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25438" + }, + { + "name": "dgnews-news-sql-injection(34539)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34539" + }, + { + "name": "34227", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/34227" + }, + { + "name": "http://www.netvigilance.com/advisory0022", + "refsource": "MISC", + "url": "http://www.netvigilance.com/advisory0022" + }, + { + "name": "ADV-2007-1981", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1981" + }, + { + "name": "20070528 DGNews version 2.1 SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/469828/100/0/threaded" + }, + { + "name": "24201", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24201" + }, + { + "name": "2740", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2740" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1308.json b/2007/1xxx/CVE-2007-1308.json index 91146eec505..b1e1dff226a 100644 --- a/2007/1xxx/CVE-2007-1308.json +++ b/2007/1xxx/CVE-2007-1308.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1308", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror in KDE 3.5.5, allows remote attackers to cause a denial of service (crash) by accessing the content of an iframe with an ftp:// URI in the src attribute, probably due to a NULL pointer dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1308", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070304 Konqueror DoS Via JavaScript Read Of FTP Iframe", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/461897/100/0/threaded" - }, - { - "name" : "20070304 Konqueror DoS Via JavaScript Read Of FTP Iframe", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/052793.html" - }, - { - "name" : "http://bindshell.net/advisories/konq355", - "refsource" : "MISC", - "url" : "http://bindshell.net/advisories/konq355" - }, - { - "name" : "http://bindshell.net/advisories/konq355/konq355-patch.diff", - "refsource" : "MISC", - "url" : "http://bindshell.net/advisories/konq355/konq355-patch.diff" - }, - { - "name" : "MDKSA-2007:054", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:054" - }, - { - "name" : "RHSA-2007:0909", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0909.html" - }, - { - "name" : "USN-447-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-447-1" - }, - { - "name" : "22814", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22814" - }, - { - "name" : "oval:org.mitre.oval:def:10551", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10551" - }, - { - "name" : "ADV-2007-0886", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0886" - }, - { - "name" : "27108", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27108" - }, - { - "name" : "2345", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2345" - }, - { - "name" : "konqueror-ftp-dos(32798)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32798" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror in KDE 3.5.5, allows remote attackers to cause a denial of service (crash) by accessing the content of an iframe with an ftp:// URI in the src attribute, probably due to a NULL pointer dereference." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22814", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22814" + }, + { + "name": "RHSA-2007:0909", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0909.html" + }, + { + "name": "20070304 Konqueror DoS Via JavaScript Read Of FTP Iframe", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/461897/100/0/threaded" + }, + { + "name": "20070304 Konqueror DoS Via JavaScript Read Of FTP Iframe", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/052793.html" + }, + { + "name": "ADV-2007-0886", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0886" + }, + { + "name": "http://bindshell.net/advisories/konq355/konq355-patch.diff", + "refsource": "MISC", + "url": "http://bindshell.net/advisories/konq355/konq355-patch.diff" + }, + { + "name": "USN-447-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-447-1" + }, + { + "name": "MDKSA-2007:054", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:054" + }, + { + "name": "27108", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27108" + }, + { + "name": "http://bindshell.net/advisories/konq355", + "refsource": "MISC", + "url": "http://bindshell.net/advisories/konq355" + }, + { + "name": "oval:org.mitre.oval:def:10551", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10551" + }, + { + "name": "2345", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2345" + }, + { + "name": "konqueror-ftp-dos(32798)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32798" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1314.json b/2007/1xxx/CVE-2007-1314.json index 7a0da27dc0f..b56d1aa92ac 100644 --- a/2007/1xxx/CVE-2007-1314.json +++ b/2007/1xxx/CVE-2007-1314.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1314", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1314", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1663.json b/2007/1xxx/CVE-2007-1663.json index 2cd9185c852..f4d5f955cdb 100644 --- a/2007/1xxx/CVE-2007-1663.json +++ b/2007/1xxx/CVE-2007-1663.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1663", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in the image message functionality in ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows remote attackers to cause a denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1663", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-1318", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1318" - }, - { - "name" : "24600", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24600" - }, - { - "name" : "45377", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/45377" - }, - { - "name" : "ekg-image-message-dos(35134)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35134" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in the image message functionality in ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows remote attackers to cause a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45377", + "refsource": "OSVDB", + "url": "http://osvdb.org/45377" + }, + { + "name": "24600", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24600" + }, + { + "name": "ekg-image-message-dos(35134)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35134" + }, + { + "name": "DSA-1318", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1318" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1995.json b/2007/1xxx/CVE-2007-1995.json index 2120d27c66e..52a80661e44 100644 --- a/2007/1xxx/CVE-2007-1995.json +++ b/2007/1xxx/CVE-2007-1995.json @@ -1,187 +1,187 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1995", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1995", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugzilla.quagga.net/show_bug.cgi?id=354", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.quagga.net/show_bug.cgi?id=354" - }, - { - "name" : "http://bugzilla.quagga.net/show_bug.cgi?id=355", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.quagga.net/show_bug.cgi?id=355" - }, - { - "name" : "http://www.quagga.net/news2.php?y=2007&m=4&d=8#id1176073740", - "refsource" : "CONFIRM", - "url" : "http://www.quagga.net/news2.php?y=2007&m=4&d=8#id1176073740" - }, - { - "name" : "DSA-1293", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1293" - }, - { - "name" : "GLSA-200705-05", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200705-05.xml" - }, - { - "name" : "MDKSA-2007:096", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:096" - }, - { - "name" : "OpenPKG-SA-2007.015", - "refsource" : "OPENPKG", - "url" : "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.015.html" - }, - { - "name" : "RHSA-2007:0389", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0389.html" - }, - { - "name" : "236141", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-236141-1" - }, - { - "name" : "SUSE-SR:2007:009", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_9_sr.html" - }, - { - "name" : "2007-0017", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2007/0017/" - }, - { - "name" : "USN-461-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-461-1" - }, - { - "name" : "23417", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23417" - }, - { - "name" : "oval:org.mitre.oval:def:11048", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11048" - }, - { - "name" : "ADV-2007-1336", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1336" - }, - { - "name" : "ADV-2008-1195", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1195/references" - }, - { - "name" : "1018142", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018142" - }, - { - "name" : "24808", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24808" - }, - { - "name" : "25084", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25084" - }, - { - "name" : "25119", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25119" - }, - { - "name" : "25255", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25255" - }, - { - "name" : "25312", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25312" - }, - { - "name" : "25293", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25293" - }, - { - "name" : "25428", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25428" - }, - { - "name" : "29743", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29743" - }, - { - "name" : "quagga-bgpattributes-dos(33547)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33547" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1018142", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018142" + }, + { + "name": "25119", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25119" + }, + { + "name": "25084", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25084" + }, + { + "name": "25312", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25312" + }, + { + "name": "ADV-2007-1336", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1336" + }, + { + "name": "ADV-2008-1195", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1195/references" + }, + { + "name": "23417", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23417" + }, + { + "name": "236141", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-236141-1" + }, + { + "name": "DSA-1293", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1293" + }, + { + "name": "24808", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24808" + }, + { + "name": "25428", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25428" + }, + { + "name": "http://bugzilla.quagga.net/show_bug.cgi?id=354", + "refsource": "CONFIRM", + "url": "http://bugzilla.quagga.net/show_bug.cgi?id=354" + }, + { + "name": "2007-0017", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2007/0017/" + }, + { + "name": "OpenPKG-SA-2007.015", + "refsource": "OPENPKG", + "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.015.html" + }, + { + "name": "RHSA-2007:0389", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0389.html" + }, + { + "name": "SUSE-SR:2007:009", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_9_sr.html" + }, + { + "name": "oval:org.mitre.oval:def:11048", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11048" + }, + { + "name": "http://www.quagga.net/news2.php?y=2007&m=4&d=8#id1176073740", + "refsource": "CONFIRM", + "url": "http://www.quagga.net/news2.php?y=2007&m=4&d=8#id1176073740" + }, + { + "name": "25293", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25293" + }, + { + "name": "quagga-bgpattributes-dos(33547)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33547" + }, + { + "name": "29743", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29743" + }, + { + "name": "USN-461-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-461-1" + }, + { + "name": "http://bugzilla.quagga.net/show_bug.cgi?id=355", + "refsource": "CONFIRM", + "url": "http://bugzilla.quagga.net/show_bug.cgi?id=355" + }, + { + "name": "MDKSA-2007:096", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:096" + }, + { + "name": "25255", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25255" + }, + { + "name": "GLSA-200705-05", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200705-05.xml" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4435.json b/2007/4xxx/CVE-2007-4435.json index 418980e9c99..082bf5d7aee 100644 --- a/2007/4xxx/CVE-2007-4435.json +++ b/2007/4xxx/CVE-2007-4435.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4435", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in TorrentTrader before 1.07 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) account-inbox.php, (2) account-settings.php, and possibly (3) backend/functions.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4435", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.torrenttrader.org/index.php?showtopic=6255", - "refsource" : "CONFIRM", - "url" : "http://www.torrenttrader.org/index.php?showtopic=6255" - }, - { - "name" : "http://www.torrenttrader.org/index.php?showtopic=5776", - "refsource" : "CONFIRM", - "url" : "http://www.torrenttrader.org/index.php?showtopic=5776" - }, - { - "name" : "25369", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25369" - }, - { - "name" : "36598", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/36598" - }, - { - "name" : "36599", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/36599" - }, - { - "name" : "36600", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/36600" - }, - { - "name" : "26504", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26504" - }, - { - "name" : "torrenttrader-account-sql-injection(36119)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36119" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in TorrentTrader before 1.07 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) account-inbox.php, (2) account-settings.php, and possibly (3) backend/functions.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "torrenttrader-account-sql-injection(36119)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36119" + }, + { + "name": "36600", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/36600" + }, + { + "name": "25369", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25369" + }, + { + "name": "26504", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26504" + }, + { + "name": "http://www.torrenttrader.org/index.php?showtopic=6255", + "refsource": "CONFIRM", + "url": "http://www.torrenttrader.org/index.php?showtopic=6255" + }, + { + "name": "http://www.torrenttrader.org/index.php?showtopic=5776", + "refsource": "CONFIRM", + "url": "http://www.torrenttrader.org/index.php?showtopic=5776" + }, + { + "name": "36598", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/36598" + }, + { + "name": "36599", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/36599" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4563.json b/2007/4xxx/CVE-2007-4563.json index dca7389b047..775ceaee342 100644 --- a/2007/4xxx/CVE-2007-4563.json +++ b/2007/4xxx/CVE-2007-4563.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4563", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cosminexus Manager in Cosminexus Application Server 06-50 and later might assign the wrong user's group permissions to logical J2EE server processes, which allows local users to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4563", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.hitachi-support.com/security_e/vuls_e/HS07-025_e/index-e.html", - "refsource" : "CONFIRM", - "url" : "http://www.hitachi-support.com/security_e/vuls_e/HS07-025_e/index-e.html" - }, - { - "name" : "25434", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25434" - }, - { - "name" : "37854", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37854" - }, - { - "name" : "26589", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26589" - }, - { - "name" : "cosminexus-group-security-bypass(36245)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36245" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cosminexus Manager in Cosminexus Application Server 06-50 and later might assign the wrong user's group permissions to logical J2EE server processes, which allows local users to gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37854", + "refsource": "OSVDB", + "url": "http://osvdb.org/37854" + }, + { + "name": "http://www.hitachi-support.com/security_e/vuls_e/HS07-025_e/index-e.html", + "refsource": "CONFIRM", + "url": "http://www.hitachi-support.com/security_e/vuls_e/HS07-025_e/index-e.html" + }, + { + "name": "25434", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25434" + }, + { + "name": "26589", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26589" + }, + { + "name": "cosminexus-group-security-bypass(36245)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36245" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4612.json b/2007/4xxx/CVE-2007-4612.json index e85f36c1d96..a72d073f343 100644 --- a/2007/4xxx/CVE-2007-4612.json +++ b/2007/4xxx/CVE-2007-4612.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4612", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CRLF injection vulnerability in contact.php in Moonware (aka Dale Mooney Gallery) allows remote attackers to add arbitrary mail headers via CRLF sequences in the subject parameter. NOTE: this can be leveraged for spam by adding To or Cc headers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4612", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070826 Moonware Software Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/477851/100/0/threaded" - }, - { - "name" : "25457", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25457" - }, - { - "name" : "3079", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3079" - }, - { - "name" : "mwcontactform-contact-crlf-injection(36290)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36290" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CRLF injection vulnerability in contact.php in Moonware (aka Dale Mooney Gallery) allows remote attackers to add arbitrary mail headers via CRLF sequences in the subject parameter. NOTE: this can be leveraged for spam by adding To or Cc headers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3079", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3079" + }, + { + "name": "25457", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25457" + }, + { + "name": "mwcontactform-contact-crlf-injection(36290)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36290" + }, + { + "name": "20070826 Moonware Software Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/477851/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4616.json b/2007/4xxx/CVE-2007-4616.json index 07cf33108b4..03c65f92845 100644 --- a/2007/4xxx/CVE-2007-4616.json +++ b/2007/4xxx/CVE-2007-4616.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4616", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SSL server implementation in BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP1, and 10.0 sometimes selects the null cipher when no other cipher is compatible between the server and client, which might allow remote attackers to intercept communications." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4616", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "BEA07-176.00", - "refsource" : "BEA", - "url" : "http://dev2dev.bea.com/pub/advisory/245" - }, - { - "name" : "25472", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25472" - }, - { - "name" : "ADV-2007-3008", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3008" - }, - { - "name" : "1018620", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1018620" - }, - { - "name" : "26539", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26539" - }, - { - "name" : "weblogic-nullcipher-information-disclosure(36320)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36320" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SSL server implementation in BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP1, and 10.0 sometimes selects the null cipher when no other cipher is compatible between the server and client, which might allow remote attackers to intercept communications." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26539", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26539" + }, + { + "name": "weblogic-nullcipher-information-disclosure(36320)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36320" + }, + { + "name": "25472", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25472" + }, + { + "name": "1018620", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1018620" + }, + { + "name": "ADV-2007-3008", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3008" + }, + { + "name": "BEA07-176.00", + "refsource": "BEA", + "url": "http://dev2dev.bea.com/pub/advisory/245" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4637.json b/2007/4xxx/CVE-2007-4637.json index 632e8d24aa4..bc6c65fb296 100644 --- a/2007/4xxx/CVE-2007-4637.json +++ b/2007/4xxx/CVE-2007-4637.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4637", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "xGB.php in xGB 2.0 does not require authentication for an admin edit action, which allows remote attackers to make unspecified changes via an unknown series of steps." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4637", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4336", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4336" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "xGB.php in xGB 2.0 does not require authentication for an admin edit action, which allows remote attackers to make unspecified changes via an unknown series of steps." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4336", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4336" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4808.json b/2007/4xxx/CVE-2007-4808.json index 7db13ff30ab..408641f4f45 100644 --- a/2007/4xxx/CVE-2007-4808.json +++ b/2007/4xxx/CVE-2007-4808.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4808", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in TLM CMS 3.2 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to news.php in a lirenews action, (2) the idnews parameter to goodies.php in a lire action, (3) the id parameter to file.php in a voir action, (4) the ID parameter to affichage.php, (5) the id_sal parameter to mod_forum/afficher.php, or (6) the id_sujet parameter to mod_forum/messages.php. NOTE: it was later reported that goodies.php and affichage.php scripts are reachable through index.php, and 1.1 is also affected. NOTE: it was later reported that the goodies.php vector also affects 3.1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4808", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4376", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4376" - }, - { - "name" : "http://www.z0rlu.ownspace.org/index.php?/archives/74-Powered-by-TLM-CMS-index.php-sql-inj..html", - "refsource" : "MISC", - "url" : "http://www.z0rlu.ownspace.org/index.php?/archives/74-Powered-by-TLM-CMS-index.php-sql-inj..html" - }, - { - "name" : "25602", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25602" - }, - { - "name" : "29049", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29049" - }, - { - "name" : "ADV-2007-3137", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3137" - }, - { - "name" : "37001", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37001" - }, - { - "name" : "37002", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37002" - }, - { - "name" : "37003", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37003" - }, - { - "name" : "37004", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37004" - }, - { - "name" : "37005", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37005" - }, - { - "name" : "37006", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37006" - }, - { - "name" : "26752", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26752" - }, - { - "name" : "tlmcms-multiple-sql-injection(36536)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36536" - }, - { - "name" : "tlm-index-sql-injection(42204)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42204" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in TLM CMS 3.2 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to news.php in a lirenews action, (2) the idnews parameter to goodies.php in a lire action, (3) the id parameter to file.php in a voir action, (4) the ID parameter to affichage.php, (5) the id_sal parameter to mod_forum/afficher.php, or (6) the id_sujet parameter to mod_forum/messages.php. NOTE: it was later reported that goodies.php and affichage.php scripts are reachable through index.php, and 1.1 is also affected. NOTE: it was later reported that the goodies.php vector also affects 3.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.z0rlu.ownspace.org/index.php?/archives/74-Powered-by-TLM-CMS-index.php-sql-inj..html", + "refsource": "MISC", + "url": "http://www.z0rlu.ownspace.org/index.php?/archives/74-Powered-by-TLM-CMS-index.php-sql-inj..html" + }, + { + "name": "37001", + "refsource": "OSVDB", + "url": "http://osvdb.org/37001" + }, + { + "name": "37002", + "refsource": "OSVDB", + "url": "http://osvdb.org/37002" + }, + { + "name": "tlm-index-sql-injection(42204)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42204" + }, + { + "name": "37005", + "refsource": "OSVDB", + "url": "http://osvdb.org/37005" + }, + { + "name": "4376", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4376" + }, + { + "name": "tlmcms-multiple-sql-injection(36536)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36536" + }, + { + "name": "37003", + "refsource": "OSVDB", + "url": "http://osvdb.org/37003" + }, + { + "name": "26752", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26752" + }, + { + "name": "29049", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29049" + }, + { + "name": "25602", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25602" + }, + { + "name": "ADV-2007-3137", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3137" + }, + { + "name": "37004", + "refsource": "OSVDB", + "url": "http://osvdb.org/37004" + }, + { + "name": "37006", + "refsource": "OSVDB", + "url": "http://osvdb.org/37006" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5952.json b/2007/5xxx/CVE-2007-5952.json index 144ca9878c5..ad1774bb32a 100644 --- a/2007/5xxx/CVE-2007-5952.json +++ b/2007/5xxx/CVE-2007-5952.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5952", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in admin/index.php in Helios Calendar 1.2.1 Beta allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5952", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "26312", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26312" - }, - { - "name" : "38408", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38408" - }, - { - "name" : "27490", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27490" - }, - { - "name" : "3337", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3337" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in admin/index.php in Helios Calendar 1.2.1 Beta allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27490", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27490" + }, + { + "name": "38408", + "refsource": "OSVDB", + "url": "http://osvdb.org/38408" + }, + { + "name": "26312", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26312" + }, + { + "name": "3337", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3337" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2387.json b/2015/2xxx/CVE-2015-2387.json index 99803295c02..361eba25a4b 100644 --- a/2015/2xxx/CVE-2015-2387.json +++ b/2015/2xxx/CVE-2015-2387.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2387", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka \"ATMFD.DLL Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-2387", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-077", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-077" - }, - { - "name" : "TA15-195A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA15-195A" - }, - { - "name" : "75587", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75587" - }, - { - "name" : "1032908", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032908" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka \"ATMFD.DLL Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS15-077", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-077" + }, + { + "name": "75587", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75587" + }, + { + "name": "1032908", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032908" + }, + { + "name": "TA15-195A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA15-195A" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3252.json b/2015/3xxx/CVE-2015-3252.json index e80b4d4e0e2..94d304cd34b 100644 --- a/2015/3xxx/CVE-2015-3252.json +++ b/2015/3xxx/CVE-2015-3252.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3252", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache CloudStack before 4.5.2 does not properly preserve VNC passwords when migrating KVM virtual machines, which allows remote attackers to gain access by connecting to the VNC server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-3252", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160205 CVE-2015-3252: Apache CloudStack VNC authentication issue", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/537459/100/0/threaded" - }, - { - "name" : "[cloudstack-users] 20160205 CVE-2015-3252: Apache CloudStack VNC authentication issue", - "refsource" : "MLIST", - "url" : "http://mail-archives.apache.org/mod_mbox/cloudstack-users/201602.mbox/%3C7508580E-3D83-49FD-BE6E-B329B0503130%40gmail.com%3E" - }, - { - "name" : "https://blogs.apache.org/cloudstack/entry/two_late_announced_security_advisories", - "refsource" : "CONFIRM", - "url" : "https://blogs.apache.org/cloudstack/entry/two_late_announced_security_advisories" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache CloudStack before 4.5.2 does not properly preserve VNC passwords when migrating KVM virtual machines, which allows remote attackers to gain access by connecting to the VNC server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.apache.org/cloudstack/entry/two_late_announced_security_advisories", + "refsource": "CONFIRM", + "url": "https://blogs.apache.org/cloudstack/entry/two_late_announced_security_advisories" + }, + { + "name": "20160205 CVE-2015-3252: Apache CloudStack VNC authentication issue", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/537459/100/0/threaded" + }, + { + "name": "[cloudstack-users] 20160205 CVE-2015-3252: Apache CloudStack VNC authentication issue", + "refsource": "MLIST", + "url": "http://mail-archives.apache.org/mod_mbox/cloudstack-users/201602.mbox/%3C7508580E-3D83-49FD-BE6E-B329B0503130%40gmail.com%3E" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3760.json b/2015/3xxx/CVE-2015-3760.json index f651863f094..c14400d94dd 100644 --- a/2015/3xxx/CVE-2015-3760.json +++ b/2015/3xxx/CVE-2015-3760.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3760", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "dyld in Apple OS X before 10.10.5 does not properly validate pathnames in the environment, which allows local users to gain privileges via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-3760", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/kb/HT205031", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT205031" - }, - { - "name" : "APPLE-SA-2015-08-13-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" - }, - { - "name" : "76340", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76340" - }, - { - "name" : "1033276", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033276" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "dyld in Apple OS X before 10.10.5 does not properly validate pathnames in the environment, which allows local users to gain privileges via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "76340", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76340" + }, + { + "name": "APPLE-SA-2015-08-13-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" + }, + { + "name": "https://support.apple.com/kb/HT205031", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT205031" + }, + { + "name": "1033276", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033276" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6446.json b/2015/6xxx/CVE-2015-6446.json index cf4e0f964bb..df01196af41 100644 --- a/2015/6xxx/CVE-2015-6446.json +++ b/2015/6xxx/CVE-2015-6446.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6446", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-6446", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6573.json b/2015/6xxx/CVE-2015-6573.json index 9b728b07a7e..a8abbf504cb 100644 --- a/2015/6xxx/CVE-2015-6573.json +++ b/2015/6xxx/CVE-2015-6573.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6573", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-6573", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6728.json b/2015/6xxx/CVE-2015-6728.json index 8d18eb29b7b..e6ad00b1412 100644 --- a/2015/6xxx/CVE-2015-6728.json +++ b/2015/6xxx/CVE-2015-6728.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6728", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protection via a timing attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-6728", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[MediaWiki-announce] 20150810 MediaWiki Security and Maintenance Releases: 1.25.2, 1.24.3, 1.23.10", - "refsource" : "MLIST", - "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html" - }, - { - "name" : "[oss-security] 20150812 CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/08/12/6" - }, - { - "name" : "[oss-security] 20150827 Re: CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/08/27/6" - }, - { - "name" : "FEDORA-2015-13920", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html" - }, - { - "name" : "GLSA-201510-05", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201510-05" - }, - { - "name" : "76334", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76334" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protection via a timing attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201510-05", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201510-05" + }, + { + "name": "[oss-security] 20150827 Re: CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/08/27/6" + }, + { + "name": "[oss-security] 20150812 CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/08/12/6" + }, + { + "name": "[MediaWiki-announce] 20150810 MediaWiki Security and Maintenance Releases: 1.25.2, 1.24.3, 1.23.10", + "refsource": "MLIST", + "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html" + }, + { + "name": "FEDORA-2015-13920", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html" + }, + { + "name": "76334", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76334" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6890.json b/2015/6xxx/CVE-2015-6890.json index 9ecef147c1f..7d3122191e8 100644 --- a/2015/6xxx/CVE-2015-6890.json +++ b/2015/6xxx/CVE-2015-6890.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6890", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-6890", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7153.json b/2015/7xxx/CVE-2015-7153.json index 38cb61f4f48..bba9a568804 100644 --- a/2015/7xxx/CVE-2015-7153.json +++ b/2015/7xxx/CVE-2015-7153.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7153", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-7153", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7182.json b/2015/7xxx/CVE-2015-7182.json index a3413983f11..2afe5acbe00 100644 --- a/2015/7xxx/CVE-2015-7182.json +++ b/2015/7xxx/CVE-2015-7182.json @@ -1,227 +1,227 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7182", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2015-7182", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html" - }, - { - "name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-133.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-133.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1202868", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1202868" - }, - { - "name" : "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes", - "refsource" : "CONFIRM", - "url" : "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes" - }, - { - "name" : "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes", - "refsource" : "CONFIRM", - "url" : "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes" - }, - { - "name" : "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes", - "refsource" : "CONFIRM", - "url" : "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" - }, - { - "name" : "https://bto.bluecoat.com/security-advisory/sa119", - "refsource" : "CONFIRM", - "url" : "https://bto.bluecoat.com/security-advisory/sa119" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "DSA-3410", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3410" - }, - { - "name" : "DSA-3393", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3393" - }, - { - "name" : "DSA-3688", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3688" - }, - { - "name" : "GLSA-201605-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201605-06" - }, - { - "name" : "GLSA-201512-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201512-10" - }, - { - "name" : "RHSA-2015:1980", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1980.html" - }, - { - "name" : "RHSA-2015:1981", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1981.html" - }, - { - "name" : "SSA:2015-310-02", - "refsource" : "SLACKWARE", - "url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.399753" - }, - { - "name" : "openSUSE-SU-2015:2229", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html" - }, - { - "name" : "openSUSE-SU-2015:2245", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html" - }, - { - "name" : "SUSE-SU-2015:1926", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html" - }, - { - "name" : "openSUSE-SU-2015:1942", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html" - }, - { - "name" : "SUSE-SU-2015:1978", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html" - }, - { - "name" : "SUSE-SU-2015:1981", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html" - }, - { - "name" : "SUSE-SU-2015:2081", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html" - }, - { - "name" : "USN-2819-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2819-1" - }, - { - "name" : "USN-2785-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2785-1" - }, - { - "name" : "USN-2791-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2791-1" - }, - { - "name" : "91787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91787" - }, - { - "name" : "77416", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/77416" - }, - { - "name" : "1034069", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034069" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" + }, + { + "name": "1034069", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034069" + }, + { + "name": "https://bto.bluecoat.com/security-advisory/sa119", + "refsource": "CONFIRM", + "url": "https://bto.bluecoat.com/security-advisory/sa119" + }, + { + "name": "DSA-3688", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3688" + }, + { + "name": "DSA-3410", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3410" + }, + { + "name": "SUSE-SU-2015:2081", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html" + }, + { + "name": "GLSA-201512-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201512-10" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "SUSE-SU-2015:1981", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1202868", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1202868" + }, + { + "name": "openSUSE-SU-2015:2229", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html" + }, + { + "name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes", + "refsource": "CONFIRM", + "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes" + }, + { + "name": "USN-2785-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2785-1" + }, + { + "name": "USN-2791-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2791-1" + }, + { + "name": "SUSE-SU-2015:1926", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" + }, + { + "name": "RHSA-2015:1981", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1981.html" + }, + { + "name": "USN-2819-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2819-1" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" + }, + { + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" + }, + { + "name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes", + "refsource": "CONFIRM", + "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes" + }, + { + "name": "openSUSE-SU-2015:1942", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html" + }, + { + "name": "RHSA-2015:1980", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1980.html" + }, + { + "name": "DSA-3393", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3393" + }, + { + "name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes", + "refsource": "CONFIRM", + "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes" + }, + { + "name": "http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html" + }, + { + "name": "77416", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/77416" + }, + { + "name": "openSUSE-SU-2015:2245", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html" + }, + { + "name": "GLSA-201605-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201605-06" + }, + { + "name": "SSA:2015-310-02", + "refsource": "SLACKWARE", + "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.399753" + }, + { + "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-133.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-133.html" + }, + { + "name": "SUSE-SU-2015:1978", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7281.json b/2015/7xxx/CVE-2015-7281.json index 601fc6dfaec..e4687299147 100644 --- a/2015/7xxx/CVE-2015-7281.json +++ b/2015/7xxx/CVE-2015-7281.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7281", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability on ReadyNet WRT300N-DD devices with firmware 1.0.26 allows remote attackers to hijack the authentication of arbitrary users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2015-7281", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#167992", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/167992" - }, - { - "name" : "78814", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/78814" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability on ReadyNet WRT300N-DD devices with firmware 1.0.26 allows remote attackers to hijack the authentication of arbitrary users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "78814", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/78814" + }, + { + "name": "VU#167992", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/167992" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7296.json b/2015/7xxx/CVE-2015-7296.json index e4ec0ffd0a7..b03a32834bd 100644 --- a/2015/7xxx/CVE-2015-7296.json +++ b/2015/7xxx/CVE-2015-7296.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7296", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M use a linear algorithm for selecting the ID value in the header of a DNS query performed on behalf of the device itself, which makes it easier for remote attackers to spoof responses by including this ID value, as demonstrated by a response containing the address of the firmware update server, a different vulnerability than CVE-2015-2914." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2015-7296", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#906576", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/906576" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M use a linear algorithm for selecting the ID value in the header of a DNS query performed on behalf of the device itself, which makes it easier for remote attackers to spoof responses by including this ID value, as demonstrated by a response containing the address of the firmware update server, a different vulnerability than CVE-2015-2914." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#906576", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/906576" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7315.json b/2015/7xxx/CVE-2015-7315.json index 3354ab31e38..18498817fdf 100644 --- a/2015/7xxx/CVE-2015-7315.json +++ b/2015/7xxx/CVE-2015-7315.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7315", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-7315", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150922 Re: CVE Request: Plone Unauthorized user creation", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/09/22/13" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1264791", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1264791" - }, - { - "name" : "https://github.com/zopefoundation/Products.CMFCore/commit/e1d981bfa14b664317285f0f36498f4be4a23406", - "refsource" : "CONFIRM", - "url" : "https://github.com/zopefoundation/Products.CMFCore/commit/e1d981bfa14b664317285f0f36498f4be4a23406" - }, - { - "name" : "https://plone.org/security/hotfix/20150910/anonymous-is-able-to-create-plone-members", - "refsource" : "CONFIRM", - "url" : "https://plone.org/security/hotfix/20150910/anonymous-is-able-to-create-plone-members" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1264791", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264791" + }, + { + "name": "https://github.com/zopefoundation/Products.CMFCore/commit/e1d981bfa14b664317285f0f36498f4be4a23406", + "refsource": "CONFIRM", + "url": "https://github.com/zopefoundation/Products.CMFCore/commit/e1d981bfa14b664317285f0f36498f4be4a23406" + }, + { + "name": "[oss-security] 20150922 Re: CVE Request: Plone Unauthorized user creation", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/09/22/13" + }, + { + "name": "https://plone.org/security/hotfix/20150910/anonymous-is-able-to-create-plone-members", + "refsource": "CONFIRM", + "url": "https://plone.org/security/hotfix/20150910/anonymous-is-able-to-create-plone-members" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7774.json b/2015/7xxx/CVE-2015-7774.json index e5d7674ba95..64c7e2ca854 100644 --- a/2015/7xxx/CVE-2015-7774.json +++ b/2015/7xxx/CVE-2015-7774.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7774", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PC-EGG pWebManager before 3.3.10, and before 2.2.2 for PHP 4.x, allows remote authenticated users to execute arbitrary OS commands by leveraging the editor role." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2015-7774", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.pwebmanager.org/", - "refsource" : "CONFIRM", - "url" : "http://www.pwebmanager.org/" - }, - { - "name" : "JVN#25323093", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN25323093/index.html" - }, - { - "name" : "JVNDB-2015-000180", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000180" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PC-EGG pWebManager before 3.3.10, and before 2.2.2 for PHP 4.x, allows remote authenticated users to execute arbitrary OS commands by leveraging the editor role." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2015-000180", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000180" + }, + { + "name": "http://www.pwebmanager.org/", + "refsource": "CONFIRM", + "url": "http://www.pwebmanager.org/" + }, + { + "name": "JVN#25323093", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN25323093/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7926.json b/2015/7xxx/CVE-2015-7926.json index 0dee7109406..d0d7397c74c 100644 --- a/2015/7xxx/CVE-2015-7926.json +++ b/2015/7xxx/CVE-2015-7926.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7926", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "eWON devices with firmware before 10.1s0 omit RBAC for I/O server information and status requests, which allows remote attackers to obtain sensitive information via an unspecified URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2015-7926", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20151224 eWON sa Industrial router - Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Dec/118" - }, - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-351-03", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-351-03" - }, - { - "name" : "http://packetstormsecurity.com/files/135069/eWON-XSS-CSRF-Session-Management-RBAC-Issues.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/135069/eWON-XSS-CSRF-Session-Management-RBAC-Issues.html" - }, - { - "name" : "http://ewon.biz/support/news/support/ewon-security-enhancement-7529-01", - "refsource" : "CONFIRM", - "url" : "http://ewon.biz/support/news/support/ewon-security-enhancement-7529-01" - }, - { - "name" : "79625", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/79625" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "eWON devices with firmware before 10.1s0 omit RBAC for I/O server information and status requests, which allows remote attackers to obtain sensitive information via an unspecified URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20151224 eWON sa Industrial router - Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Dec/118" + }, + { + "name": "http://packetstormsecurity.com/files/135069/eWON-XSS-CSRF-Session-Management-RBAC-Issues.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/135069/eWON-XSS-CSRF-Session-Management-RBAC-Issues.html" + }, + { + "name": "http://ewon.biz/support/news/support/ewon-security-enhancement-7529-01", + "refsource": "CONFIRM", + "url": "http://ewon.biz/support/news/support/ewon-security-enhancement-7529-01" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-351-03", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-351-03" + }, + { + "name": "79625", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/79625" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0172.json b/2016/0xxx/CVE-2016-0172.json index 446c3fb2fe6..10bdc2e5d6d 100644 --- a/2016/0xxx/CVE-2016-0172.json +++ b/2016/0xxx/CVE-2016-0172.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0172", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-0172", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0214.json b/2016/0xxx/CVE-2016-0214.json index ad71d2a8c48..84ffc40acb6 100644 --- a/2016/0xxx/CVE-2016-0214.json +++ b/2016/0xxx/CVE-2016-0214.json @@ -1,76 +1,76 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-0214", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BigFix Platform", - "version" : { - "version_data" : [ - { - "version_value" : "9.0" - }, - { - "version_value" : "9.1" - }, - { - "version_value" : "9.2" - }, - { - "version_value" : "9.5" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Tivoli Endpoint Manager could allow a remote attacker to upload arbitrary files. A remote attacker could exploit this vulnerability to upload a malicious file. The only way that file would be executed would be through a phishing attack to trick an unsuspecting victim to execute the file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-0214", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BigFix Platform", + "version": { + "version_data": [ + { + "version_value": "9.0" + }, + { + "version_value": "9.1" + }, + { + "version_value": "9.2" + }, + { + "version_value": "9.5" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21993203", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21993203" - }, - { - "name" : "94193", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94193" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Tivoli Endpoint Manager could allow a remote attacker to upload arbitrary files. A remote attacker could exploit this vulnerability to upload a malicious file. The only way that file would be executed would be through a phishing attack to trick an unsuspecting victim to execute the file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21993203", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21993203" + }, + { + "name": "94193", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94193" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0301.json b/2016/0xxx/CVE-2016-0301.json index 932966860ff..1532cc8dc9c 100644 --- a/2016/0xxx/CVE-2016-0301.json +++ b/2016/0xxx/CVE-2016-0301.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-0301", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-2016-0278, and CVE-2016-0279." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-0301", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21983292", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21983292" - }, - { - "name" : "1036091", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036091" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-2016-0278, and CVE-2016-0279." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036091", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036091" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21983292", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983292" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0773.json b/2016/0xxx/CVE-2016-0773.json index 05517aacc82..9690564d2f7 100644 --- a/2016/0xxx/CVE-2016-0773.json +++ b/2016/0xxx/CVE-2016-0773.json @@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-0773", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-0773", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.postgresql.org/about/news/1644/", - "refsource" : "CONFIRM", - "url" : "http://www.postgresql.org/about/news/1644/" - }, - { - "name" : "http://www.postgresql.org/docs/current/static/release-9-1-20.html", - "refsource" : "CONFIRM", - "url" : "http://www.postgresql.org/docs/current/static/release-9-1-20.html" - }, - { - "name" : "http://www.postgresql.org/docs/current/static/release-9-2-15.html", - "refsource" : "CONFIRM", - "url" : "http://www.postgresql.org/docs/current/static/release-9-2-15.html" - }, - { - "name" : "http://www.postgresql.org/docs/current/static/release-9-3-11.html", - "refsource" : "CONFIRM", - "url" : "http://www.postgresql.org/docs/current/static/release-9-3-11.html" - }, - { - "name" : "http://www.postgresql.org/docs/current/static/release-9-4-6.html", - "refsource" : "CONFIRM", - "url" : "http://www.postgresql.org/docs/current/static/release-9-4-6.html" - }, - { - "name" : "http://www.postgresql.org/docs/current/static/release-9-5-1.html", - "refsource" : "CONFIRM", - "url" : "http://www.postgresql.org/docs/current/static/release-9-5-1.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" - }, - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10152", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10152" - }, - { - "name" : "https://puppet.com/security/cve/CVE-2016-0773", - "refsource" : "CONFIRM", - "url" : "https://puppet.com/security/cve/CVE-2016-0773" - }, - { - "name" : "DSA-3476", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3476" - }, - { - "name" : "DSA-3475", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3475" - }, - { - "name" : "FEDORA-2016-e0a6c9ebc4", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177820.html" - }, - { - "name" : "FEDORA-2016-b0c2412ab2", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177878.html" - }, - { - "name" : "GLSA-201701-33", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-33" - }, - { - "name" : "RHSA-2016:1060", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1060.html" - }, - { - "name" : "openSUSE-SU-2016:0578", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00056.html" - }, - { - "name" : "SUSE-SU-2016:0677", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00016.html" - }, - { - "name" : "SUSE-SU-2016:0539", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00052.html" - }, - { - "name" : "SUSE-SU-2016:0555", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00054.html" - }, - { - "name" : "openSUSE-SU-2016:0531", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00049.html" - }, - { - "name" : "USN-2894-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2894-1" - }, - { - "name" : "83184", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/83184" - }, - { - "name" : "1035005", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035005" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2016:0555", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00054.html" + }, + { + "name": "https://puppet.com/security/cve/CVE-2016-0773", + "refsource": "CONFIRM", + "url": "https://puppet.com/security/cve/CVE-2016-0773" + }, + { + "name": "http://www.postgresql.org/docs/current/static/release-9-3-11.html", + "refsource": "CONFIRM", + "url": "http://www.postgresql.org/docs/current/static/release-9-3-11.html" + }, + { + "name": "SUSE-SU-2016:0677", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00016.html" + }, + { + "name": "SUSE-SU-2016:0539", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00052.html" + }, + { + "name": "http://www.postgresql.org/docs/current/static/release-9-2-15.html", + "refsource": "CONFIRM", + "url": "http://www.postgresql.org/docs/current/static/release-9-2-15.html" + }, + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10152", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10152" + }, + { + "name": "http://www.postgresql.org/docs/current/static/release-9-5-1.html", + "refsource": "CONFIRM", + "url": "http://www.postgresql.org/docs/current/static/release-9-5-1.html" + }, + { + "name": "GLSA-201701-33", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-33" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" + }, + { + "name": "http://www.postgresql.org/about/news/1644/", + "refsource": "CONFIRM", + "url": "http://www.postgresql.org/about/news/1644/" + }, + { + "name": "1035005", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035005" + }, + { + "name": "FEDORA-2016-b0c2412ab2", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177878.html" + }, + { + "name": "FEDORA-2016-e0a6c9ebc4", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177820.html" + }, + { + "name": "RHSA-2016:1060", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1060.html" + }, + { + "name": "83184", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/83184" + }, + { + "name": "openSUSE-SU-2016:0578", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00056.html" + }, + { + "name": "http://www.postgresql.org/docs/current/static/release-9-4-6.html", + "refsource": "CONFIRM", + "url": "http://www.postgresql.org/docs/current/static/release-9-4-6.html" + }, + { + "name": "USN-2894-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2894-1" + }, + { + "name": "openSUSE-SU-2016:0531", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00049.html" + }, + { + "name": "http://www.postgresql.org/docs/current/static/release-9-1-20.html", + "refsource": "CONFIRM", + "url": "http://www.postgresql.org/docs/current/static/release-9-1-20.html" + }, + { + "name": "DSA-3476", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3476" + }, + { + "name": "DSA-3475", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3475" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0777.json b/2016/0xxx/CVE-2016-0777.json index a64c922a170..2f0161da7f1 100644 --- a/2016/0xxx/CVE-2016-0777.json +++ b/2016/0xxx/CVE-2016-0777.json @@ -1,222 +1,222 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-0777", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-0777", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160114 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/537295/100/0/threaded" - }, - { - "name" : "20160115 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2016/Jan/44" - }, - { - "name" : "[oss-security] 20160114 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/01/14/7" - }, - { - "name" : "http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html" - }, - { - "name" : "http://www.openssh.com/txt/release-7.1p2", - "refsource" : "CONFIRM", - "url" : "http://www.openssh.com/txt/release-7.1p2" - }, - { - "name" : "https://support.apple.com/HT206167", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT206167" - }, - { - "name" : "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/", - "refsource" : "CONFIRM", - "url" : "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/" - }, - { - "name" : "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/", - "refsource" : "CONFIRM", - "url" : "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734" - }, - { - "name" : "https://bto.bluecoat.com/security-advisory/sa109", - "refsource" : "CONFIRM", - "url" : "https://bto.bluecoat.com/security-advisory/sa109" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" - }, - { - "name" : "APPLE-SA-2016-03-21-5", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html" - }, - { - "name" : "DSA-3446", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3446" - }, - { - "name" : "FEDORA-2016-2e89eba0c1", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html" - }, - { - "name" : "FEDORA-2016-67c6ef0d4f", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175592.html" - }, - { - "name" : "FEDORA-2016-c330264861", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html" - }, - { - "name" : "FEDORA-2016-4556904561", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html" - }, - { - "name" : "FreeBSD-SA-16:07", - "refsource" : "FREEBSD", - "url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:07.openssh.asc" - }, - { - "name" : "GLSA-201601-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201601-01" - }, - { - "name" : "SUSE-SU-2016:0117", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html" - }, - { - "name" : "SUSE-SU-2016:0118", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html" - }, - { - "name" : "SUSE-SU-2016:0119", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html" - }, - { - "name" : "SUSE-SU-2016:0120", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html" - }, - { - "name" : "openSUSE-SU-2016:0127", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html" - }, - { - "name" : "openSUSE-SU-2016:0128", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html" - }, - { - "name" : "USN-2869-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2869-1" - }, - { - "name" : "80695", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/80695" - }, - { - "name" : "1034671", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/", + "refsource": "CONFIRM", + "url": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/" + }, + { + "name": "SUSE-SU-2016:0117", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html" + }, + { + "name": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/", + "refsource": "CONFIRM", + "url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/" + }, + { + "name": "APPLE-SA-2016-03-21-5", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375" + }, + { + "name": "20160114 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/537295/100/0/threaded" + }, + { + "name": "https://support.apple.com/HT206167", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT206167" + }, + { + "name": "FEDORA-2016-4556904561", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734" + }, + { + "name": "80695", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/80695" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" + }, + { + "name": "FreeBSD-SA-16:07", + "refsource": "FREEBSD", + "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:07.openssh.asc" + }, + { + "name": "FEDORA-2016-c330264861", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" + }, + { + "name": "http://www.openssh.com/txt/release-7.1p2", + "refsource": "CONFIRM", + "url": "http://www.openssh.com/txt/release-7.1p2" + }, + { + "name": "openSUSE-SU-2016:0128", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html" + }, + { + "name": "FEDORA-2016-2e89eba0c1", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html" + }, + { + "name": "https://bto.bluecoat.com/security-advisory/sa109", + "refsource": "CONFIRM", + "url": "https://bto.bluecoat.com/security-advisory/sa109" + }, + { + "name": "1034671", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034671" + }, + { + "name": "openSUSE-SU-2016:0127", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html" + }, + { + "name": "GLSA-201601-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201601-01" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" + }, + { + "name": "[oss-security] 20160114 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/01/14/7" + }, + { + "name": "20160115 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2016/Jan/44" + }, + { + "name": "SUSE-SU-2016:0119", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html" + }, + { + "name": "http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html" + }, + { + "name": "SUSE-SU-2016:0118", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html" + }, + { + "name": "FEDORA-2016-67c6ef0d4f", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175592.html" + }, + { + "name": "SUSE-SU-2016:0120", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html" + }, + { + "name": "USN-2869-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2869-1" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" + }, + { + "name": "DSA-3446", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3446" + } + ] + } +} \ No newline at end of file diff --git a/2016/1000xxx/CVE-2016-1000217.json b/2016/1000xxx/CVE-2016-1000217.json index 137ce3403ef..0a379e47e2a 100644 --- a/2016/1000xxx/CVE-2016-1000217.json +++ b/2016/1000xxx/CVE-2016-1000217.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1000217", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Zotpress plugin for WordPress SQLi in zp_get_account()" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-1000217", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://wordpress.org/plugins/zotpress/changelog/", - "refsource" : "MISC", - "url" : "https://wordpress.org/plugins/zotpress/changelog/" - }, - { - "name" : "https://wordpress.org/support/topic/sql-injection-in-api_user_id/", - "refsource" : "MISC", - "url" : "https://wordpress.org/support/topic/sql-injection-in-api_user_id/" - }, - { - "name" : "93894", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93894" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Zotpress plugin for WordPress SQLi in zp_get_account()" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wordpress.org/support/topic/sql-injection-in-api_user_id/", + "refsource": "MISC", + "url": "https://wordpress.org/support/topic/sql-injection-in-api_user_id/" + }, + { + "name": "93894", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93894" + }, + { + "name": "https://wordpress.org/plugins/zotpress/changelog/", + "refsource": "MISC", + "url": "https://wordpress.org/plugins/zotpress/changelog/" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10543.json b/2016/10xxx/CVE-2016-10543.json index 7bb11cc23c3..c0261714b53 100644 --- a/2016/10xxx/CVE-2016-10543.json +++ b/2016/10xxx/CVE-2016-10543.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2016-10543", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "call node module", - "version" : { - "version_data" : [ - { - "version_value" : ">= 2.0.1 <3.0.2" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "call is an HTTP router that is primarily used by the hapi framework. There exists a bug in call versions 2.0.1-3.0.1 that does not validate empty parameters, which could result in invalid input bypassing the route validation rules." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Input Validation (CWE-20)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2016-10543", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "call node module", + "version": { + "version_data": [ + { + "version_value": ">= 2.0.1 <3.0.2" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/hapijs/hapi/issues/3228", - "refsource" : "MISC", - "url" : "https://github.com/hapijs/hapi/issues/3228" - }, - { - "name" : "https://nodesecurity.io/advisories/121", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/121" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "call is an HTTP router that is primarily used by the hapi framework. There exists a bug in call versions 2.0.1-3.0.1 that does not validate empty parameters, which could result in invalid input bypassing the route validation rules." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation (CWE-20)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/hapijs/hapi/issues/3228", + "refsource": "MISC", + "url": "https://github.com/hapijs/hapi/issues/3228" + }, + { + "name": "https://nodesecurity.io/advisories/121", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/121" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1306.json b/2016/1xxx/CVE-2016-1306.json index bb269f89659..49231739a35 100644 --- a/2016/1xxx/CVE-2016-1306.json +++ b/2016/1xxx/CVE-2016-1306.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1306", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Cisco Fog Director 1.0(0) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux80466." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-1306", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160201 Cisco Fog Director Cross-Site Scripting Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160201-fd" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco Fog Director 1.0(0) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux80466." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20160201 Cisco Fog Director Cross-Site Scripting Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160201-fd" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1320.json b/2016/1xxx/CVE-2016-1320.json index df6577f1ebb..19576a30713 100644 --- a/2016/1xxx/CVE-2016-1320.json +++ b/2016/1xxx/CVE-2016-1320.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1320", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The CLI in Cisco Prime Collaboration 9.0 and 11.0 allows local users to execute arbitrary OS commands as root by leveraging administrator privileges, aka Bug ID CSCux69286." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-1320", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.tenable.com/security/research/tra-2016-38", - "refsource" : "MISC", - "url" : "https://www.tenable.com/security/research/tra-2016-38" - }, - { - "name" : "20160209 Cisco Prime Collaboration Provisioning Local Privilege Escalation Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160209-pcp" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The CLI in Cisco Prime Collaboration 9.0 and 11.0 allows local users to execute arbitrary OS commands as root by leveraging administrator privileges, aka Bug ID CSCux69286." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20160209 Cisco Prime Collaboration Provisioning Local Privilege Escalation Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160209-pcp" + }, + { + "name": "https://www.tenable.com/security/research/tra-2016-38", + "refsource": "MISC", + "url": "https://www.tenable.com/security/research/tra-2016-38" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1548.json b/2016/1xxx/CVE-2016-1548.json index a27a988df43..9c4a978c65f 100644 --- a/2016/1xxx/CVE-2016-1548.json +++ b/2016/1xxx/CVE-2016-1548.json @@ -1,129 +1,129 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2016-1548", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-1548", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NTP", + "version": { + "version_data": [ + { + "version_value": "4.2.8p4" + } + ] + } + } + ] + }, + "vendor_name": "NTP Project" + }, + { + "product": { + "product_data": [ + { + "product_name": "NTPSec", + "version": { + "version_data": [ + { + "version_value": "aa48d001683e5b791a743ec9c575aaf7d867a2b0c" + } + ] + } + } + ] + }, + "vendor_name": "NTPsec Project" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "NTP", - "version" : { - "version_data" : [ - { - "version_value" : "4.2.8p4" - } - ] - } - } - ] - }, - "vendor_name" : "NTP Project" + "lang": "eng", + "value": "An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer->dst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c will reject all future legitimate server responses. It is possible to force the victim client to move time after the mode has been changed. ntpq gives no indication that the mode has been switched." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "unspecified" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3629", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3629" }, { - "product" : { - "product_data" : [ - { - "product_name" : "NTPSec", - "version" : { - "version_data" : [ - { - "version_value" : "aa48d001683e5b791a743ec9c575aaf7d867a2b0c" - } - ] - } - } - ] - }, - "vendor_name" : "NTPsec Project" + "name": "http://www.talosintelligence.com/reports/TALOS-2016-0082/", + "refsource": "MISC", + "url": "http://www.talosintelligence.com/reports/TALOS-2016-0082/" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" + }, + { + "name": "RHSA-2016:1141", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1141" + }, + { + "name": "88264", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/88264" + }, + { + "name": "RHSA-2016:1552", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1552.html" + }, + { + "name": "1035705", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035705" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20171004-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20171004-0002/" + }, + { + "name": "FreeBSD-SA-16:16", + "refsource": "FREEBSD", + "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc" + }, + { + "name": "GLSA-201607-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201607-15" } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer->dst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c will reject all future legitimate server responses. It is possible to force the victim client to move time after the mode has been changed. ntpq gives no indication that the mode has been switched." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "unspecified" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.talosintelligence.com/reports/TALOS-2016-0082/", - "refsource" : "MISC", - "url" : "http://www.talosintelligence.com/reports/TALOS-2016-0082/" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20171004-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20171004-0002/" - }, - { - "name" : "DSA-3629", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3629" - }, - { - "name" : "FreeBSD-SA-16:16", - "refsource" : "FREEBSD", - "url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc" - }, - { - "name" : "GLSA-201607-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201607-15" - }, - { - "name" : "RHSA-2016:1141", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1141" - }, - { - "name" : "RHSA-2016:1552", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1552.html" - }, - { - "name" : "88264", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/88264" - }, - { - "name" : "1035705", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035705" - } - ] - } -} + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1736.json b/2016/1xxx/CVE-2016-1736.json index 5fa85b942c8..7d59b08f472 100644 --- a/2016/1xxx/CVE-2016-1736.json +++ b/2016/1xxx/CVE-2016-1736.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1736", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Bluetooth in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1735." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-1736", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT206167", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT206167" - }, - { - "name" : "APPLE-SA-2016-03-21-5", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html" - }, - { - "name" : "1035363", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035363" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Bluetooth in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1735." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2016-03-21-5", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html" + }, + { + "name": "https://support.apple.com/HT206167", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT206167" + }, + { + "name": "1035363", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035363" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1969.json b/2016/1xxx/CVE-2016-1969.json index 6ea7bf8aced..32669a5b19e 100644 --- a/2016/1xxx/CVE-2016-1969.json +++ b/2016/1xxx/CVE-2016-1969.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1969", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.6.1, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted Graphite smart font." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2016-1969", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2016/mfsa2016-38.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2016/mfsa2016-38.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1242322", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1242322" - }, - { - "name" : "GLSA-201605-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201605-06" - }, - { - "name" : "1035215", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035215" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.6.1, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted Graphite smart font." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1242322", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1242322" + }, + { + "name": "1035215", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035215" + }, + { + "name": "GLSA-201605-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201605-06" + }, + { + "name": "http://www.mozilla.org/security/announce/2016/mfsa2016-38.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-38.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4004.json b/2016/4xxx/CVE-2016-4004.json index ba0d70a0261..72259622c60 100644 --- a/2016/4xxx/CVE-2016-4004.json +++ b/2016/4xxx/CVE-2016-4004.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4004", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Dell OpenManage Server Administrator (OMSA) 8.2 allows remote authenticated administrators to read arbitrary files via a ..\\ (dot dot backslash) in the file parameter to ViewFile." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-4004", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "39486", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/39486/" - }, - { - "name" : "1035564", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035564" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Dell OpenManage Server Administrator (OMSA) 8.2 allows remote authenticated administrators to read arbitrary files via a ..\\ (dot dot backslash) in the file parameter to ViewFile." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1035564", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035564" + }, + { + "name": "39486", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/39486/" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4488.json b/2016/4xxx/CVE-2016-4488.json index 94d94bc5bbd..61d766d1f0d 100644 --- a/2016/4xxx/CVE-2016-4488.json +++ b/2016/4xxx/CVE-2016-4488.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4488", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"ktypevec.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-4488", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160505 Re: CVE Request: No Demangling During Analysis of Untrusted Binaries", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/05/05/5" - }, - { - "name" : "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", - "refsource" : "CONFIRM", - "url" : "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481" - }, - { - "name" : "90025", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/90025" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"ktypevec.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "90025", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/90025" + }, + { + "name": "[oss-security] 20160505 Re: CVE Request: No Demangling During Analysis of Untrusted Binaries", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/05/05/5" + }, + { + "name": "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", + "refsource": "CONFIRM", + "url": "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4708.json b/2016/4xxx/CVE-2016-4708.json index f30923007e4..0e1cec8da9d 100644 --- a/2016/4xxx/CVE-2016-4708.json +++ b/2016/4xxx/CVE-2016-4708.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2016-4708", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CFNetwork in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 misparses the Set-Cookie header, which allows remote attackers to obtain sensitive information via a crafted HTTP response." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-4708", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207141", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207141" - }, - { - "name" : "https://support.apple.com/HT207142", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207142" - }, - { - "name" : "https://support.apple.com/HT207143", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207143" - }, - { - "name" : "https://support.apple.com/HT207170", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207170" - }, - { - "name" : "APPLE-SA-2016-09-20", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html" - }, - { - "name" : "APPLE-SA-2016-09-20-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html" - }, - { - "name" : "APPLE-SA-2016-09-20-5", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html" - }, - { - "name" : "APPLE-SA-2016-09-20-6", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html" - }, - { - "name" : "93054", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93054" - }, - { - "name" : "1036858", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036858" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CFNetwork in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 misparses the Set-Cookie header, which allows remote attackers to obtain sensitive information via a crafted HTTP response." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT207141", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207141" + }, + { + "name": "1036858", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036858" + }, + { + "name": "APPLE-SA-2016-09-20", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html" + }, + { + "name": "APPLE-SA-2016-09-20-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html" + }, + { + "name": "APPLE-SA-2016-09-20-5", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html" + }, + { + "name": "APPLE-SA-2016-09-20-6", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html" + }, + { + "name": "93054", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93054" + }, + { + "name": "https://support.apple.com/HT207170", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207170" + }, + { + "name": "https://support.apple.com/HT207142", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207142" + }, + { + "name": "https://support.apple.com/HT207143", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207143" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4787.json b/2016/4xxx/CVE-2016-4787.json index 6638d7491bc..0b5ceb8fc5b 100644 --- a/2016/4xxx/CVE-2016-4787.json +++ b/2016/4xxx/CVE-2016-4787.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4787", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read sensitive system authentication files in an unspecified directory via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-4787", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40207", - "refsource" : "CONFIRM", - "url" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40207" - }, - { - "name" : "1035932", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035932" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read sensitive system authentication files in an unspecified directory via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40207", + "refsource": "CONFIRM", + "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40207" + }, + { + "name": "1035932", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035932" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5854.json b/2016/5xxx/CVE-2016-5854.json index 8862b5868b7..6656b376b7d 100644 --- a/2016/5xxx/CVE-2016-5854.json +++ b/2016/5xxx/CVE-2016-5854.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2017-05-01T00:00:00", - "ID" : "CVE-2016-5854", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "All Qualcomm products", - "version" : { - "version_data" : [ - { - "version_value" : "Android for MSM, Firefox OS for MSM, QRD Android" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In a driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, kernel heap memory can be exposed to userspace." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Exposure in Secure Processor" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2017-05-01T00:00:00", + "ID": "CVE-2016-5854", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "All Qualcomm products", + "version": { + "version_data": [ + { + "version_value": "Android for MSM, Firefox OS for MSM, QRD Android" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=28d23d4d7999f683b27b6e0c489635265b67a4c9", - "refsource" : "MISC", - "url" : "https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=28d23d4d7999f683b27b6e0c489635265b67a4c9" - }, - { - "name" : "https://source.android.com/security/bulletin/2017-05-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-05-01" - }, - { - "name" : "98219", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98219" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In a driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, kernel heap memory can be exposed to userspace." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Exposure in Secure Processor" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98219", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98219" + }, + { + "name": "https://source.android.com/security/bulletin/2017-05-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-05-01" + }, + { + "name": "https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=28d23d4d7999f683b27b6e0c489635265b67a4c9", + "refsource": "MISC", + "url": "https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=28d23d4d7999f683b27b6e0c489635265b67a4c9" + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0209.json b/2019/0xxx/CVE-2019-0209.json index fb6a7fb24c2..3764a7d24bf 100644 --- a/2019/0xxx/CVE-2019-0209.json +++ b/2019/0xxx/CVE-2019-0209.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0209", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0209", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0393.json b/2019/0xxx/CVE-2019-0393.json index 751a64e5de1..2aa872aa597 100644 --- a/2019/0xxx/CVE-2019-0393.json +++ b/2019/0xxx/CVE-2019-0393.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0393", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0393", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3343.json b/2019/3xxx/CVE-2019-3343.json index 3ee9cb7e4da..38cfb6ec59b 100644 --- a/2019/3xxx/CVE-2019-3343.json +++ b/2019/3xxx/CVE-2019-3343.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3343", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3343", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3471.json b/2019/3xxx/CVE-2019-3471.json index dd918680a0e..536202f0d01 100644 --- a/2019/3xxx/CVE-2019-3471.json +++ b/2019/3xxx/CVE-2019-3471.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3471", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3471", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3577.json b/2019/3xxx/CVE-2019-3577.json index 9910e580b96..af2ae7ec219 100644 --- a/2019/3xxx/CVE-2019-3577.json +++ b/2019/3xxx/CVE-2019-3577.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3577", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/ProductAction.class.php allows blind SQL Injection via the id[0] parameter to the /product URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3577", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/caokang/waimai/issues/9", - "refsource" : "MISC", - "url" : "https://github.com/caokang/waimai/issues/9" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/ProductAction.class.php allows blind SQL Injection via the id[0] parameter to the /product URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/caokang/waimai/issues/9", + "refsource": "MISC", + "url": "https://github.com/caokang/waimai/issues/9" + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3984.json b/2019/3xxx/CVE-2019-3984.json index abb075fc832..b1b6a88ccc0 100644 --- a/2019/3xxx/CVE-2019-3984.json +++ b/2019/3xxx/CVE-2019-3984.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3984", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3984", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4261.json b/2019/4xxx/CVE-2019-4261.json index f3cc616ec02..9f40b415664 100644 --- a/2019/4xxx/CVE-2019-4261.json +++ b/2019/4xxx/CVE-2019-4261.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4261", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4261", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4639.json b/2019/4xxx/CVE-2019-4639.json index dd0afe88d25..761f4b32ba1 100644 --- a/2019/4xxx/CVE-2019-4639.json +++ b/2019/4xxx/CVE-2019-4639.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4639", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4639", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4640.json b/2019/4xxx/CVE-2019-4640.json index e65ac7f7bd7..5098b6dfdf2 100644 --- a/2019/4xxx/CVE-2019-4640.json +++ b/2019/4xxx/CVE-2019-4640.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4640", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4640", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4998.json b/2019/4xxx/CVE-2019-4998.json index b176104b738..0aafdd21ed2 100644 --- a/2019/4xxx/CVE-2019-4998.json +++ b/2019/4xxx/CVE-2019-4998.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4998", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4998", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7261.json b/2019/7xxx/CVE-2019-7261.json index 741349f2ca3..bec9ec78f9e 100644 --- a/2019/7xxx/CVE-2019-7261.json +++ b/2019/7xxx/CVE-2019-7261.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7261", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7261", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7622.json b/2019/7xxx/CVE-2019-7622.json index 3e1a7b51a81..dd7b02e657e 100644 --- a/2019/7xxx/CVE-2019-7622.json +++ b/2019/7xxx/CVE-2019-7622.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7622", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7622", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7870.json b/2019/7xxx/CVE-2019-7870.json index cfc4c4f61b6..3ecf6840f2d 100644 --- a/2019/7xxx/CVE-2019-7870.json +++ b/2019/7xxx/CVE-2019-7870.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7870", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7870", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7887.json b/2019/7xxx/CVE-2019-7887.json index 5b0ff518a57..3c60fc7eb7f 100644 --- a/2019/7xxx/CVE-2019-7887.json +++ b/2019/7xxx/CVE-2019-7887.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7887", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7887", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8608.json b/2019/8xxx/CVE-2019-8608.json index 083f74d623c..d279b3e1127 100644 --- a/2019/8xxx/CVE-2019-8608.json +++ b/2019/8xxx/CVE-2019-8608.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8608", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8608", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8699.json b/2019/8xxx/CVE-2019-8699.json index fa0dbfdb7c8..0d9e24a3c0d 100644 --- a/2019/8xxx/CVE-2019-8699.json +++ b/2019/8xxx/CVE-2019-8699.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8699", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8699", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8754.json b/2019/8xxx/CVE-2019-8754.json index 0f8fc15e3e7..d0af8945544 100644 --- a/2019/8xxx/CVE-2019-8754.json +++ b/2019/8xxx/CVE-2019-8754.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8754", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8754", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8998.json b/2019/8xxx/CVE-2019-8998.json index ed8afd4684d..d85714d4b42 100644 --- a/2019/8xxx/CVE-2019-8998.json +++ b/2019/8xxx/CVE-2019-8998.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8998", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8998", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9209.json b/2019/9xxx/CVE-2019-9209.json index d1e5fcac893..0e94f17f637 100644 --- a/2019/9xxx/CVE-2019-9209.json +++ b/2019/9xxx/CVE-2019-9209.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9209", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. This was addressed in epan/dissectors/packet-ber.c by preventing a buffer overflow associated with excessive digits in time values." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9209", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15447", - "refsource" : "MISC", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15447" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f8fbe9f934d65b2694fa74622e5eb2e1dc8cd20b", - "refsource" : "MISC", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f8fbe9f934d65b2694fa74622e5eb2e1dc8cd20b" - }, - { - "name" : "https://www.wireshark.org/security/wnpa-sec-2019-06.html", - "refsource" : "MISC", - "url" : "https://www.wireshark.org/security/wnpa-sec-2019-06.html" - }, - { - "name" : "107203", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/107203" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. This was addressed in epan/dissectors/packet-ber.c by preventing a buffer overflow associated with excessive digits in time values." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f8fbe9f934d65b2694fa74622e5eb2e1dc8cd20b", + "refsource": "MISC", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f8fbe9f934d65b2694fa74622e5eb2e1dc8cd20b" + }, + { + "name": "107203", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/107203" + }, + { + "name": "https://www.wireshark.org/security/wnpa-sec-2019-06.html", + "refsource": "MISC", + "url": "https://www.wireshark.org/security/wnpa-sec-2019-06.html" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15447", + "refsource": "MISC", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15447" + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9660.json b/2019/9xxx/CVE-2019-9660.json index 88e7d2677c8..636411f33c7 100644 --- a/2019/9xxx/CVE-2019-9660.json +++ b/2019/9xxx/CVE-2019-9660.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9660", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stored XSS exists in YzmCMS 5.2 via the admin/category/edit.html \"catname\" parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9660", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/yzmcms/yzmcms/issues/12", - "refsource" : "MISC", - "url" : "https://github.com/yzmcms/yzmcms/issues/12" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stored XSS exists in YzmCMS 5.2 via the admin/category/edit.html \"catname\" parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/yzmcms/yzmcms/issues/12", + "refsource": "MISC", + "url": "https://github.com/yzmcms/yzmcms/issues/12" + } + ] + } +} \ No newline at end of file