From 06975b2a3f9786317a87da5c5cb408e432053618 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Sun, 17 Mar 2019 22:26:40 +0000
Subject: [PATCH] "-Synchronized-Data."
---
1999/1xxx/CVE-1999-1405.json | 140 ++++-----
2005/2xxx/CVE-2005-2477.json | 160 +++++-----
2005/2xxx/CVE-2005-2982.json | 120 ++++----
2005/2xxx/CVE-2005-2991.json | 150 +++++-----
2005/3xxx/CVE-2005-3097.json | 130 ++++-----
2005/3xxx/CVE-2005-3406.json | 170 +++++------
2005/3xxx/CVE-2005-3477.json | 150 +++++-----
2005/4xxx/CVE-2005-4142.json | 180 ++++++------
2005/4xxx/CVE-2005-4144.json | 180 ++++++------
2005/4xxx/CVE-2005-4554.json | 200 ++++++-------
2005/4xxx/CVE-2005-4602.json | 170 +++++------
2009/2xxx/CVE-2009-2170.json | 120 ++++----
2009/2xxx/CVE-2009-2514.json | 140 ++++-----
2009/3xxx/CVE-2009-3346.json | 140 ++++-----
2009/3xxx/CVE-2009-3531.json | 160 +++++-----
2009/4xxx/CVE-2009-4003.json | 240 +++++++--------
2009/4xxx/CVE-2009-4188.json | 130 ++++-----
2009/4xxx/CVE-2009-4265.json | 140 ++++-----
2009/4xxx/CVE-2009-4610.json | 120 ++++----
2009/4xxx/CVE-2009-4884.json | 140 ++++-----
2009/4xxx/CVE-2009-4897.json | 210 +++++++-------
2015/0xxx/CVE-2015-0070.json | 140 ++++-----
2015/0xxx/CVE-2015-0278.json | 180 ++++++------
2015/0xxx/CVE-2015-0376.json | 140 ++++-----
2015/0xxx/CVE-2015-0722.json | 120 ++++----
2015/0xxx/CVE-2015-0753.json | 130 ++++-----
2015/0xxx/CVE-2015-0754.json | 130 ++++-----
2015/1xxx/CVE-2015-1020.json | 34 +--
2015/1xxx/CVE-2015-1146.json | 150 +++++-----
2015/1xxx/CVE-2015-1171.json | 140 ++++-----
2015/1xxx/CVE-2015-1590.json | 160 +++++-----
2015/4xxx/CVE-2015-4209.json | 140 ++++-----
2015/4xxx/CVE-2015-4404.json | 34 +--
2015/4xxx/CVE-2015-4712.json | 34 +--
2015/4xxx/CVE-2015-4734.json | 450 ++++++++++++++---------------
2015/5xxx/CVE-2015-5030.json | 34 +--
2015/5xxx/CVE-2015-5178.json | 180 ++++++------
2015/5xxx/CVE-2015-5779.json | 170 +++++------
2018/1002xxx/CVE-2018-1002103.json | 170 +++++------
2018/1999xxx/CVE-2018-1999008.json | 126 ++++----
2018/2xxx/CVE-2018-2417.json | 180 ++++++------
2018/2xxx/CVE-2018-2647.json | 190 ++++++------
2018/2xxx/CVE-2018-2656.json | 198 ++++++-------
2018/2xxx/CVE-2018-2819.json | 278 +++++++++---------
2018/3xxx/CVE-2018-3407.json | 34 +--
2018/3xxx/CVE-2018-3495.json | 34 +--
2018/3xxx/CVE-2018-3819.json | 120 ++++----
2018/3xxx/CVE-2018-3886.json | 122 ++++----
2018/6xxx/CVE-2018-6347.json | 132 ++++-----
2018/6xxx/CVE-2018-6616.json | 140 ++++-----
2018/6xxx/CVE-2018-6730.json | 34 +--
2018/6xxx/CVE-2018-6915.json | 34 +--
2018/7xxx/CVE-2018-7019.json | 34 +--
2018/7xxx/CVE-2018-7112.json | 160 +++++-----
2018/7xxx/CVE-2018-7331.json | 160 +++++-----
2018/7xxx/CVE-2018-7339.json | 120 ++++----
2018/7xxx/CVE-2018-7858.json | 190 ++++++------
57 files changed, 4056 insertions(+), 4056 deletions(-)
diff --git a/1999/1xxx/CVE-1999-1405.json b/1999/1xxx/CVE-1999-1405.json
index 5aef7ce5a44..fc95191b4cb 100644
--- a/1999/1xxx/CVE-1999-1405.json
+++ b/1999/1xxx/CVE-1999-1405.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1405", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "snap command in AIX before 4.3.2 creates the /tmp/ibmsupt directory with world-readable permissions and does not remove or clear the directory when snap -a is executed, which could allow local users to access the shadowed password file by creating /tmp/ibmsupt/general/passwd before root runs snap -a." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1405", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19990217 snap utility for AIX.", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=91936783009385&w=2" - }, - { - "name" : "19990220 Re: snap utility for AIX.", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=91954824614013&w=2" - }, - { - "name" : "375", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/375" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "snap command in AIX before 4.3.2 creates the /tmp/ibmsupt directory with world-readable 
permissions and does not remove or clear the directory when snap -a is executed, which could allow local users to access the shadowed password file by creating /tmp/ibmsupt/general/passwd before root runs snap -a." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19990220 Re: snap utility for AIX.", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=91954824614013&w=2" + }, + { + "name": "375", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/375" + }, + { + "name": "19990217 snap utility for AIX.", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=91936783009385&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2477.json b/2005/2xxx/CVE-2005-2477.json index 948ae7f2e47..b87242defa3 100644 --- a/2005/2xxx/CVE-2005-2477.json +++ b/2005/2xxx/CVE-2005-2477.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2477", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "shop_display_products.php in Naxtor Shopping Cart 1.0 allows remote attackers to obtain sensitive information via a cat_id with a \"'\" (single quote), which reveals the path in an error message, possibly due to an SQL injection vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2477", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050802 [NOBYTES.COM: #8] Naxtor Shopping Cart 1.0 - Information Disclosure & Possible SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112301600608192&w=2" - }, - { - "name" : "14456", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14456" - }, - { - "name" : "1014613", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014613" - }, - { - "name" : "16262", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16262" - }, - { - "name" : "naxtorshoppingcart-path-disclosure(21677)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21677" - } - ] - } -} + 
} + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "shop_display_products.php in Naxtor Shopping Cart 1.0 allows remote attackers to obtain sensitive information via a cat_id with a \"'\" (single quote), which reveals the path in an error message, possibly due to an SQL injection vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14456", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14456" + }, + { + "name": "1014613", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014613" + }, + { + "name": "20050802 [NOBYTES.COM: #8] Naxtor Shopping Cart 1.0 - Information Disclosure & Possible SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112301600608192&w=2" + }, + { + "name": "naxtorshoppingcart-path-disclosure(21677)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21677" + }, + { + "name": "16262", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16262" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2982.json b/2005/2xxx/CVE-2005-2982.json index 61935e7a877..ccfcc735df3 100644 --- a/2005/2xxx/CVE-2005-2982.json +++ b/2005/2xxx/CVE-2005-2982.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2982", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in CompaqHTTPServer 2.1 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly quoted in the resulting 404 error page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2982", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050914 404 error XSS", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112680922318639&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in CompaqHTTPServer 2.1 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly quoted in the resulting 404 error page." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050914 404 error XSS", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112680922318639&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2991.json b/2005/2xxx/CVE-2005-2991.json index f28770afc33..62a79c0de4a 100644 --- a/2005/2xxx/CVE-2005-2991.json +++ b/2005/2xxx/CVE-2005-2991.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2991", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ncompress 4.2.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files using (1) zdiff or (2) zcmp, a different vulnerability than CVE-2004-0970." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-2991", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050916 ncompress insecure temporary file creation", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112689772732098&w=2" - }, - { - "name" : "20050916 ncompress insecure temporary file creation", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=112688098630314&w=2" - }, - { - "name" : "http://www.zataz.net/adviso/ncompress-09052005.txt", - "refsource" : "MISC", - "url" : "http://www.zataz.net/adviso/ncompress-09052005.txt" - }, - { - "name" : "12", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/12" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "ncompress 4.2.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files using (1) zdiff or (2) zcmp, a different vulnerability than CVE-2004-0970." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/12" + }, + { + "name": "20050916 ncompress insecure temporary file creation", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=112688098630314&w=2" + }, + { + "name": "20050916 ncompress insecure temporary file creation", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112689772732098&w=2" + }, + { + "name": "http://www.zataz.net/adviso/ncompress-09052005.txt", + "refsource": "MISC", + "url": "http://www.zataz.net/adviso/ncompress-09052005.txt" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3097.json b/2005/3xxx/CVE-2005-3097.json index b91c2f1c076..72d7fde7907 100644 --- a/2005/3xxx/CVE-2005-3097.json +++ b/2005/3xxx/CVE-2005-3097.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3097", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Avi Alkalay contribute.cgi (aka contribute.pl), dated 16 Jun 2002, allows remote attackers to overwrite arbitrary files via \"..\" sequences in the contribdir variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3097", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cirt.net/advisories/alkalay.shtml", - "refsource" : "MISC", - "url" : "http://www.cirt.net/advisories/alkalay.shtml" - }, - { - "name" : "19522", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/19522" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Avi Alkalay contribute.cgi (aka contribute.pl), dated 16 Jun 2002, allows remote attackers to overwrite arbitrary files via \"..\" sequences in the contribdir variable." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cirt.net/advisories/alkalay.shtml", + "refsource": "MISC", + "url": "http://www.cirt.net/advisories/alkalay.shtml" + }, + { + "name": "19522", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/19522" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3406.json b/2005/3xxx/CVE-2005-3406.json index 9cd7a69e1dd..ca6dec3b9af 100644 --- a/2005/3xxx/CVE-2005-3406.json +++ b/2005/3xxx/CVE-2005-3406.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3406", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in phpESP 1.7.5 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3406", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cvs.sourceforge.net/viewcvs.py/phpesp/phpESP/docs/CHANGES?rev=.&content-type=text/plain", - "refsource" : "CONFIRM", - "url" : "http://cvs.sourceforge.net/viewcvs.py/phpesp/phpESP/docs/CHANGES?rev=.&content-type=text/plain" - }, - { - "name" : "15232", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15232" - }, - { - "name" : "ADV-2005-2237", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2237" - }, - { - "name" : "20357", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20357" - }, - { - "name" : "17333", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17333" - }, - { - "name" : "phpesp-unknown-xss(22904)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/22904" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in phpESP 1.7.5 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2005-2237", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2237" + }, + { + "name": "http://cvs.sourceforge.net/viewcvs.py/phpesp/phpESP/docs/CHANGES?rev=.&content-type=text/plain", + "refsource": "CONFIRM", + "url": "http://cvs.sourceforge.net/viewcvs.py/phpesp/phpESP/docs/CHANGES?rev=.&content-type=text/plain" + }, + { + "name": "20357", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20357" + }, + { + "name": "phpesp-unknown-xss(22904)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22904" + }, + { + "name": "15232", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15232" + }, + { + "name": "17333", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17333" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3477.json b/2005/3xxx/CVE-2005-3477.json index 668048a0a2e..74c27e6779e 100644 --- a/2005/3xxx/CVE-2005-3477.json +++ b/2005/3xxx/CVE-2005-3477.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3477", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple interpretation error in the image upload handling code in Invision Gallery 2.0.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML or script in an image whose type does not match its extension, which is rendered by Internet Explorer due to CVE-2005-3312. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer and the proper fix should be in that browser; if so, then this should not be treated as a vulnerability in Invision Gallery." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3477", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051025 Re: [Full-disclosure] phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit.", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0519.html" - }, - { - "name" : "15286", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15286" - }, - { - "name" : "17393", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17393" - }, - { - "name" : "105", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/105" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple interpretation error in the image upload handling code in Invision Gallery 2.0.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML or script in an image whose type does not match its extension, which is rendered by Internet Explorer due to CVE-2005-3312. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer and the proper fix should be in that browser; if so, then this should not be treated as a vulnerability in Invision Gallery." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17393", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17393" + }, + { + "name": "105", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/105" + }, + { + "name": "15286", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15286" + }, + { + "name": "20051025 Re: [Full-disclosure] phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit.", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0519.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4142.json b/2005/4xxx/CVE-2005-4142.json index 05951c6080d..18ccb91915b 100644 --- a/2005/4xxx/CVE-2005-4142.json +++ b/2005/4xxx/CVE-2005-4142.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4142", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web interface for subscribing new users in Lyris ListManager 5.0 through 8.8b, in combination with a line wrap feature, allows remote attackers to execute arbitrary list administration commands via LFCR (%0A%0D) sequences in the pw parameter. NOTE: it is not clear whether this is a variant of a CRLF injection vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4142", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051208 PGP Wipe Free Space, Lyris ListManager Flaws, Windows Timestamps, Sam Juicer", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0349.html" - }, - { - "name" : "20051209 PGP Wipe Free Space, Lyris ListManager Flaws, Windows Timestamps, Sam Juicer", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/419077/100/0/threaded" - }, - { - "name" : "http://metasploit.com/research/vulns/lyris_listmanager/", - "refsource" : "MISC", - "url" : "http://metasploit.com/research/vulns/lyris_listmanager/" - }, - { - "name" 
: "15786", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15786" - }, - { - "name" : "ADV-2005-2820", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2820" - }, - { - "name" : "21547", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21547" - }, - { - "name" : "17943", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17943" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web interface for subscribing new users in Lyris ListManager 5.0 through 8.8b, in combination with a line wrap feature, allows remote attackers to execute arbitrary list administration commands via LFCR (%0A%0D) sequences in the pw parameter. NOTE: it is not clear whether this is a variant of a CRLF injection vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21547", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21547" + }, + { + "name": "20051209 PGP Wipe Free Space, Lyris ListManager Flaws, Windows Timestamps, Sam Juicer", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/419077/100/0/threaded" + }, + { + "name": "http://metasploit.com/research/vulns/lyris_listmanager/", + "refsource": "MISC", + "url": "http://metasploit.com/research/vulns/lyris_listmanager/" + }, + { + "name": "15786", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15786" + }, + { + "name": "ADV-2005-2820", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2820" + }, + { + "name": "20051208 PGP Wipe Free Space, Lyris ListManager Flaws, Windows Timestamps, Sam Juicer", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0349.html" + }, + { + 
"name": "17943", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17943" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4144.json b/2005/4xxx/CVE-2005-4144.json index d186c4672de..ca072ebdc98 100644 --- a/2005/4xxx/CVE-2005-4144.json +++ b/2005/4xxx/CVE-2005-4144.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4144", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Lyris ListManager 5.0 through 8.9a allows remote attackers to add \"ORDER BY\" columns to SQL queries via unusual whitespace characters in the orderby parameter, such as (1) newlines and (2) 0xFF (ASCII 255) characters, which are interpreted as whitespace." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4144", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051208 PGP Wipe Free Space, Lyris ListManager Flaws, Windows Timestamps, Sam Juicer", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0349.html" - }, - { - "name" : "20051209 PGP Wipe Free Space, Lyris ListManager Flaws, Windows Timestamps, Sam Juicer", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/419077/100/0/threaded" - }, - { - "name" : "http://metasploit.com/research/vulns/lyris_listmanager/", - "refsource" : "MISC", - "url" : "http://metasploit.com/research/vulns/lyris_listmanager/" - }, - { - "name" : "15787", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/15787" - }, - { - "name" : "ADV-2005-2820", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2820" - }, - { - "name" : "21549", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21549" - }, - { - "name" : "17943", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17943" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Lyris ListManager 5.0 through 8.9a allows remote attackers to add \"ORDER BY\" columns to SQL queries via unusual whitespace characters in the orderby parameter, such as (1) newlines and (2) 0xFF (ASCII 255) characters, which are interpreted as whitespace." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20051209 PGP Wipe Free Space, Lyris ListManager Flaws, Windows Timestamps, Sam Juicer", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/419077/100/0/threaded" + }, + { + "name": "http://metasploit.com/research/vulns/lyris_listmanager/", + "refsource": "MISC", + "url": "http://metasploit.com/research/vulns/lyris_listmanager/" + }, + { + "name": "ADV-2005-2820", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2820" + }, + { + "name": "20051208 PGP Wipe Free Space, Lyris ListManager Flaws, Windows Timestamps, Sam Juicer", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0349.html" + }, + { + "name": "21549", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21549" + }, + { + "name": "15787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15787" + }, + { + "name": "17943", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17943" + } + ] + } +} \ No newline 
at end of file diff --git a/2005/4xxx/CVE-2005-4554.json b/2005/4xxx/CVE-2005-4554.json index 1e25e8ee548..0d2fcfad411 100644 --- a/2005/4xxx/CVE-2005-4554.json +++ b/2005/4xxx/CVE-2005-4554.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4554", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in DEV web management system 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter in an openforum action (openforum.php) in index.php, (2) cat parameter in getfile.php, and (3) target parameter in download_now.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4554", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051224 Dev web management system <= 1.5 SQL injection / cross site scripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/420253/100/0/threaded" - }, - { - "name" : "http://rgod.altervista.org/dev_15_sql_xpl.html", - "refsource" : "MISC", - "url" : "http://rgod.altervista.org/dev_15_sql_xpl.html" - }, - { - "name" : "16063", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16063" - }, - { - "name" : "22040", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22040" - }, - { - "name" : "22041", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22041" - 
}, - { - "name" : "22042", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22042" - }, - { - "name" : "1015410", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015410" - }, - { - "name" : "18239", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18239" - }, - { - "name" : "dev-openforum-sql-injection(23898)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23898" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in DEV web management system 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter in an openforum action (openforum.php) in index.php, (2) cat parameter in getfile.php, and (3) target parameter in download_now.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22041", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22041" + }, + { + "name": "22042", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22042" + }, + { + "name": "http://rgod.altervista.org/dev_15_sql_xpl.html", + "refsource": "MISC", + "url": "http://rgod.altervista.org/dev_15_sql_xpl.html" + }, + { + "name": "16063", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16063" + }, + { + "name": "dev-openforum-sql-injection(23898)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23898" + }, + { + "name": "18239", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18239" + }, + { + "name": "1015410", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015410" + }, + { + "name": "22040", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22040" + }, + { + "name": 
"20051224 Dev web management system <= 1.5 SQL injection / cross site scripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/420253/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4602.json b/2005/4xxx/CVE-2005-4602.json index 8cd86d7ccd5..98323bd6f01 100644 --- a/2005/4xxx/CVE-2005-4602.json +++ b/2005/4xxx/CVE-2005-4602.json 
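Review bot: The `reference_data` array on the new side of this hunk holds the same nine entries as the old side, but in a different order that does not appear to follow any visible key (`22041`, `22042`, the MISC link, `16063`, and so on, with the BUGTRAQ post last). Array order is significant in JSON, so a consumer that indexes into the list or hashes the serialized record will see every such record as modified even though no reference changed. The same reshuffle shows up in the CVE-2005-4602, CVE-2009-3346, CVE-2009-3531, CVE-2009-4003, CVE-2009-4188 and CVE-2009-4265 hunks. I would either keep the previous order or emit the entries in a deterministic one, for example sorted by `refsource` and then `name`, so that later syncs only touch lines that actually changed.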
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4602", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in inc/function_upload.php in MyBB before 1.0.1 allows remote attackers to execute arbitrary SQL commands via the file extension of an uploaded file attachment." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4602", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051231 MyBB 1.0 SQL injection in uploading file", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/420573/100/0/threaded" - }, - { - "name" : "16097", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16097" - }, - { - "name" : "ADV-2006-0012", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0012" - }, - { - "name" : "22159", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22159" - }, - { - "name" : "18281", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18281" - }, - { - "name" : "311", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/311" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in inc/function_upload.php in MyBB before 1.0.1 allows remote attackers to execute arbitrary SQL commands via the file extension of an uploaded file attachment." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0012", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0012" + }, + { + "name": "20051231 MyBB 1.0 SQL injection in uploading file", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/420573/100/0/threaded" + }, + { + "name": "22159", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22159" + }, + { + "name": "311", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/311" + }, + { + "name": "18281", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18281" + }, + { + "name": "16097", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16097" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2170.json b/2009/2xxx/CVE-2009-2170.json index 745288b6a60..2b33216b0ef 100644 --- a/2009/2xxx/CVE-2009-2170.json +++ b/2009/2xxx/CVE-2009-2170.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2170", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 before 1.0.12 and 1.1 before 1.1.5 allow remote attackers to inject arbitrary web script or HTML via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2170", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://mahara.org/interaction/forum/topic.php?id=752", - "refsource" : "CONFIRM", - "url" : "http://mahara.org/interaction/forum/topic.php?id=752" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 before 1.0.12 and 1.1 before 1.1.5 allow remote attackers to inject arbitrary web script or HTML via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://mahara.org/interaction/forum/topic.php?id=752", + "refsource": "CONFIRM", + "url": "http://mahara.org/interaction/forum/topic.php?id=752" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2514.json b/2009/2xxx/CVE-2009-2514.json index 326c101f3c4..6935abde41a 100644 --- a/2009/2xxx/CVE-2009-2514.json +++ b/2009/2xxx/CVE-2009-2514.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2514", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not correctly parse font code during construction of a directory-entry table, which allows remote attackers to execute arbitrary code via a crafted Embedded OpenType (EOT) font, aka \"Win32k EOT Parsing Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2009-2514", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS09-065", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-065" - }, - { - "name" : "TA09-314A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-314A.html" - }, - { - "name" : "oval:org.mitre.oval:def:6406", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6406" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not correctly parse font code during construction of a directory-entry table, which allows remote attackers to execute arbitrary code via a crafted Embedded OpenType (EOT) font, aka \"Win32k EOT Parsing Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS09-065", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-065" + }, + { + "name": "TA09-314A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-314A.html" + }, + { + "name": "oval:org.mitre.oval:def:6406", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6406" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3346.json b/2009/3xxx/CVE-2009-3346.json index a852c9ed057..d0a984cafe3 100644 --- a/2009/3xxx/CVE-2009-3346.json +++ b/2009/3xxx/CVE-2009-3346.json 
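Review bot: The new side of this hunk changes `"ASSIGNER"` from `cve@mitre.org` to `secure@microsoft.com`, and that attribution change is easy to miss because every other line of the hunk differs only in the spacing before the colon. The CVE-2009-4003 hunk does the same, setting `"ASSIGNER": "PSIRT-CNA@flexerasoftware.com"`. The subject line "-Synchronized-Data." mentions neither change, so anyone auditing who is recorded as the assigning CNA has to compare the parsed JSON of old and new rather than read the patch. I would land the formatting pass and the field changes as separate commits, or at least name them in the message, e.g. `CVE-2009-2514: ASSIGNER cve@mitre.org -> secure@microsoft.com`.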
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3346", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in SAP Crystal Reports Server 2008 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3346", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://intevydis.com/vd-list.shtml", - "refsource" : "MISC", - "url" : "http://intevydis.com/vd-list.shtml" - }, - { - "name" : "36267", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36267" - }, - { - "name" : "36583", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36583" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified 
vulnerability in SAP Crystal Reports Server 2008 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36267", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36267" + }, + { + "name": "http://intevydis.com/vd-list.shtml", + "refsource": "MISC", + "url": "http://intevydis.com/vd-list.shtml" + }, + { + "name": "36583", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36583" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3531.json b/2009/3xxx/CVE-2009-3531.json index 5aeb30102d4..1e86a9c9c1e 100644 --- a/2009/3xxx/CVE-2009-3531.json +++ b/2009/3xxx/CVE-2009-3531.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3531", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in vnews.php in Universe CMS 1.0.6 allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3531", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9099", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9099" - }, - { - "name" : "http://packetstormsecurity.org/0907-exploits/universecms-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0907-exploits/universecms-sql.txt" - }, - { - "name" : "55761", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/55761" - }, - { - "name" : "35737", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35737" - }, - { - "name" : "universecms-vnews-sql-injection(51621)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51621" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "SQL injection vulnerability in vnews.php in Universe CMS 1.0.6 allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/0907-exploits/universecms-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0907-exploits/universecms-sql.txt" + }, + { + "name": "9099", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9099" + }, + { + "name": "35737", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35737" + }, + { + "name": "universecms-vnews-sql-injection(51621)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51621" + }, + { + "name": "55761", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/55761" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4003.json b/2009/4xxx/CVE-2009-4003.json index 19b8a7d18d7..4dd51f354f1 100644 --- a/2009/4xxx/CVE-2009-4003.json +++ b/2009/4xxx/CVE-2009-4003.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4003", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in Adobe Shockwave Player before 11.5.6.606 allow remote attackers to execute arbitrary code via (1) an unspecified block type in a Shockwave file, leading to a heap-based buffer overflow; and might allow remote attackers to execute arbitrary code via (2) an unspecified 3D block in a Shockwave file, leading to memory corruption; or (3) a crafted 3D model in a Shockwave file, leading to heap memory corruption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2009-4003", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100120 Secunia Research: Adobe Shockwave Player 3D Model Two Integer Overflows", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/509058/100/0/threaded" - }, - { - "name" : "20100120 Secunia Research: Adobe Shockwave Player Four Integer Overflow Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/509055/100/0/threaded" - }, - { - "name" : "20100120 Secunia Research: Adobe Shockwave Player 
Integer Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/509053/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2009-62/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2009-62/" - }, - { - "name" : "http://secunia.com/secunia_research/2009-63/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2009-63/" - }, - { - "name" : "http://secunia.com/secunia_research/2010-1/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2010-1/" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-03.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-03.html" - }, - { - "name" : "37872", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37872" - }, - { - "name" : "oval:org.mitre.oval:def:8538", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8538" - }, - { - "name" : "1023481", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023481" - }, - { - "name" : "37888", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37888" - }, - { - "name" : "ADV-2010-0171", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0171" - }, - { - "name" : "shockwave-shockwave-bo(55759)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55759" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in Adobe Shockwave Player before 11.5.6.606 allow remote attackers to execute arbitrary code via (1) an unspecified block type in a Shockwave file, leading to a heap-based buffer overflow; and might allow remote attackers to execute arbitrary code via (2) an 
unspecified 3D block in a Shockwave file, leading to memory corruption; or (3) a crafted 3D model in a Shockwave file, leading to heap memory corruption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100120 Secunia Research: Adobe Shockwave Player Integer Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/509053/100/0/threaded" + }, + { + "name": "http://secunia.com/secunia_research/2009-63/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2009-63/" + }, + { + "name": "37888", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37888" + }, + { + "name": "1023481", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023481" + }, + { + "name": "oval:org.mitre.oval:def:8538", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8538" + }, + { + "name": "http://secunia.com/secunia_research/2010-1/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2010-1/" + }, + { + "name": "20100120 Secunia Research: Adobe Shockwave Player Four Integer Overflow Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/509055/100/0/threaded" + }, + { + "name": "37872", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37872" + }, + { + "name": "http://secunia.com/secunia_research/2009-62/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2009-62/" + }, + { + "name": "ADV-2010-0171", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0171" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-03.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-03.html" + }, + { + "name": "20100120 Secunia 
Research: Adobe Shockwave Player 3D Model Two Integer Overflows", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/509058/100/0/threaded" + }, + { + "name": "shockwave-shockwave-bo(55759)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55759" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4188.json b/2009/4xxx/CVE-2009-4188.json index 03260f11bf9..4febc2b8612 100644 --- a/2009/4xxx/CVE-2009-4188.json +++ b/2009/4xxx/CVE-2009-4188.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4188", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HP Operations Dashboard has a default password of j2deployer for the j2deployer account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct unrestricted file upload attacks against the /manager servlet in the Tomcat servlet container. NOTE: this might overlap CVE-2009-3098." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4188", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.intevydis.com/blog/?p=87", - "refsource" : "MISC", - "url" : "http://www.intevydis.com/blog/?p=87" - }, - { - "name" : "36258", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36258" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HP Operations Dashboard has a default password of j2deployer for the j2deployer account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct unrestricted 
file upload attacks against the /manager servlet in the Tomcat servlet container. NOTE: this might overlap CVE-2009-3098." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36258", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36258" + }, + { + "name": "http://www.intevydis.com/blog/?p=87", + "refsource": "MISC", + "url": "http://www.intevydis.com/blog/?p=87" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4265.json b/2009/4xxx/CVE-2009-4265.json index 53f9c85dcff..8ec336eff46 100644 --- a/2009/4xxx/CVE-2009-4265.json +++ b/2009/4xxx/CVE-2009-4265.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4265", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Ideal Administration 2009 9.7.1, and possibly other versions, allows remote attackers to execute arbitrary code via a long Computer value in an .ipj project file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4265", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://freetexthost.com/abydoz3jwu", - "refsource" : "MISC", - "url" : "http://freetexthost.com/abydoz3jwu" - }, - { - "name" : "http://pocoftheday.blogspot.com/2009/12/ideal-administration-2009-v97-local.html", - "refsource" : "MISC", - "url" : "http://pocoftheday.blogspot.com/2009/12/ideal-administration-2009-v97-local.html" - }, - { - "name" : "37572", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37572" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Ideal Administration 2009 9.7.1, and possibly other versions, allows remote attackers to execute 
arbitrary code via a long Computer value in an .ipj project file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://freetexthost.com/abydoz3jwu", + "refsource": "MISC", + "url": "http://freetexthost.com/abydoz3jwu" + }, + { + "name": "37572", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37572" + }, + { + "name": "http://pocoftheday.blogspot.com/2009/12/ideal-administration-2009-v97-local.html", + "refsource": "MISC", + "url": "http://pocoftheday.blogspot.com/2009/12/ideal-administration-2009-v97-local.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4610.json b/2009/4xxx/CVE-2009-4610.json index e74cdfc0175..d524752a71f 100644 --- a/2009/4xxx/CVE-2009-4610.json +++ b/2009/4xxx/CVE-2009-4610.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4610", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Mort Bay Jetty 6.x and 7.0.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to jsp/dump.jsp in the JSP Dump feature, or the (2) Name or (3) Value parameter to the default URI for the Session Dump Servlet under session/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4610", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt", - "refsource" : "MISC", - "url" : "http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Mort Bay Jetty 6.x and 7.0.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to jsp/dump.jsp in the JSP Dump feature, or the (2) Name or (3) Value parameter to the default URI for the Session Dump 
Servlet under session/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt", + "refsource": "MISC", + "url": "http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4884.json b/2009/4xxx/CVE-2009-4884.json index 2cc1626811c..7a7a975b6af 100644 --- a/2009/4xxx/CVE-2009-4884.json +++ b/2009/4xxx/CVE-2009-4884.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4884", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in phpCommunity 2 2.1.8, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the forum_id parameter in a forum action to index.php, (2) the topic_id parameter in a forum action to index.php, (3) the wert parameter in an id search action to index.php, (4) the wert parameter in a nick search action to index.php, or (5) the wert parameter in a forum search action to index.php, related to class_forum.php and class_search.php." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4884", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090307 phpCommunity 2 2.1.8 Multiple Vulnerabilities (SQL Injection / Directory Traversal / XSS)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/501588/100/0/threaded" - }, - { - "name" : "8185", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/8185" - }, - { - "name" : "phpcommunity-classforum-sql-injection(49151)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49151" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in phpCommunity 2 2.1.8, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the forum_id parameter in a forum action to index.php, (2) the topic_id parameter in a forum action to index.php, (3) the wert parameter in an id search action to index.php, (4) the wert parameter in a nick search action to index.php, or (5) the wert parameter in a forum search action to index.php, related to class_forum.php and class_search.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpcommunity-classforum-sql-injection(49151)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49151" + }, + { + "name": "20090307 phpCommunity 2 2.1.8 Multiple Vulnerabilities (SQL Injection / Directory Traversal / XSS)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/501588/100/0/threaded" + }, + { + "name": "8185", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/8185" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4897.json b/2009/4xxx/CVE-2009-4897.json index 1c47cf5625b..5c606bed3c7 100644 --- a/2009/4xxx/CVE-2009-4897.json +++ b/2009/4xxx/CVE-2009-4897.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4897", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document containing a long name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-4897", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.ghostscript.com/show_bug.cgi?id=690523", - "refsource" : "CONFIRM", - "url" : "http://bugs.ghostscript.com/show_bug.cgi?id=690523" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=613792", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=613792" - }, - { - "name" : "GLSA-201412-17", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201412-17.xml" - }, - { - "name" : "MDVSA-2010:134", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:134" - }, - { - "name" : "MDVSA-2010:135", - "refsource" : "MANDRIVA", - "url" : 
"http://www.mandriva.com/security/advisories?name=MDVSA-2010:135" - }, - { - "name" : "USN-961-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-961-1" - }, - { - "name" : "41593", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41593" - }, - { - "name" : "66277", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/66277" - }, - { - "name" : "40580", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40580" - }, - { - "name" : "ghostscript-iscan-bo(60380)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60380" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document containing a long name." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201412-17", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201412-17.xml" + }, + { + "name": "MDVSA-2010:134", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:134" + }, + { + "name": "66277", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/66277" + }, + { + "name": "ghostscript-iscan-bo(60380)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60380" + }, + { + "name": "USN-961-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-961-1" + }, + { + "name": "MDVSA-2010:135", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:135" + }, + { + "name": "40580", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40580" + }, + { + "name": "41593", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41593" + }, + { + "name": "http://bugs.ghostscript.com/show_bug.cgi?id=690523", + "refsource": "CONFIRM", + "url": "http://bugs.ghostscript.com/show_bug.cgi?id=690523" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=613792", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=613792" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0070.json b/2015/0xxx/CVE-2015-0070.json index f7448801a3b..0b8fd653cc8 100644 --- a/2015/0xxx/CVE-2015-0070.json +++ b/2015/0xxx/CVE-2015-0070.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0070", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka \"Internet Explorer Cross-domain Information Disclosure Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-0070", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-009", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-009" - }, - { - "name" : "72480", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72480" - }, - { - "name" : "1031723", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031723" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka \"Internet Explorer Cross-domain 
Information Disclosure Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031723", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031723" + }, + { + "name": "72480", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72480" + }, + { + "name": "MS15-009", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-009" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0278.json b/2015/0xxx/CVE-2015-0278.json index cbcc6c7da72..b60354b06ac 100644 --- a/2015/0xxx/CVE-2015-0278.json +++ b/2015/0xxx/CVE-2015-0278.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0278", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libuv before 0.10.34 does not properly drop group privileges, which allows context-dependent attackers to gain privileges via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-0278", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://advisories.mageia.org/MGASA-2015-0186.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2015-0186.html" - }, - { - "name" : "https://github.com/libuv/libuv/commit/66ab38918c911bcff025562cf06237d7fedaba0c", - "refsource" : "CONFIRM", - "url" : "https://github.com/libuv/libuv/commit/66ab38918c911bcff025562cf06237d7fedaba0c" - }, - { - "name" : "https://github.com/libuv/libuv/pull/215", - "refsource" : "CONFIRM", - "url" : "https://github.com/libuv/libuv/pull/215" - }, - { - "name" : "https://groups.google.com/forum/#!msg/libuv/0JZxwLMtsMI/jraczskYWWQJ", - "refsource" : "CONFIRM", - "url" : "https://groups.google.com/forum/#!msg/libuv/0JZxwLMtsMI/jraczskYWWQJ" - }, - { - "name" : "FEDORA-2015-2313", - "refsource" : "FEDORA", - 
"url" : "https://lists.fedoraproject.org/pipermail/package-announce/2015-February/150526.html" - }, - { - "name" : "GLSA-201611-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201611-10" - }, - { - "name" : "MDVSA-2015:228", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:228" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libuv before 0.10.34 does not properly drop group privileges, which allows context-dependent attackers to gain privileges via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://groups.google.com/forum/#!msg/libuv/0JZxwLMtsMI/jraczskYWWQJ", + "refsource": "CONFIRM", + "url": "https://groups.google.com/forum/#!msg/libuv/0JZxwLMtsMI/jraczskYWWQJ" + }, + { + "name": "MDVSA-2015:228", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:228" + }, + { + "name": "http://advisories.mageia.org/MGASA-2015-0186.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2015-0186.html" + }, + { + "name": "FEDORA-2015-2313", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/pipermail/package-announce/2015-February/150526.html" + }, + { + "name": "https://github.com/libuv/libuv/pull/215", + "refsource": "CONFIRM", + "url": "https://github.com/libuv/libuv/pull/215" + }, + { + "name": "https://github.com/libuv/libuv/commit/66ab38918c911bcff025562cf06237d7fedaba0c", + "refsource": "CONFIRM", + "url": "https://github.com/libuv/libuv/commit/66ab38918c911bcff025562cf06237d7fedaba0c" + }, + { + "name": "GLSA-201611-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201611-10" + } + ] + } +} \ No 
newline at end of file diff --git a/2015/0xxx/CVE-2015-0376.json b/2015/0xxx/CVE-2015-0376.json index e1ea8c6dc1c..0be2446f6f3 100644 --- a/2015/0xxx/CVE-2015-0376.json +++ b/2015/0xxx/CVE-2015-0376.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0376", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 11.1.1.8.0 allows remote attackers to affect integrity via unknown vectors related to Content Server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-0376", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" - }, - { - "name" : "72189", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72189" - }, - { - "name" : "62487", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62487" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 11.1.1.8.0 allows remote attackers to affect integrity 
via unknown vectors related to Content Server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" + }, + { + "name": "72189", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72189" + }, + { + "name": "62487", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62487" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0722.json b/2015/0xxx/CVE-2015-0722.json index 7a159ad8534..39f3081b3ea 100644 --- a/2015/0xxx/CVE-2015-0722.json +++ b/2015/0xxx/CVE-2015-0722.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0722", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The network drivers in Cisco TelePresence T, Cisco TelePresence TE, and Cisco TelePresence TC before 7.3.2 allow remote attackers to cause a denial of service (process restart or device reload) via a flood of crafted IP packets, aka Bug ID CSCuj68952." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0722", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150513 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tc" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The network drivers in Cisco TelePresence T, Cisco TelePresence TE, and Cisco TelePresence TC before 7.3.2 allow remote attackers to cause a denial of service (process restart or device reload) via a flood of crafted IP packets, aka Bug ID CSCuj68952." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150513 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tc" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0753.json b/2015/0xxx/CVE-2015-0753.json index 259e2d7e7e3..8f18f6fbc99 100644 --- a/2015/0xxx/CVE-2015-0753.json +++ b/2015/0xxx/CVE-2015-0753.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0753", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Cisco Unified Email Interaction Manager (EIM) and Unified Web Interaction Manager (WIM) 9.0(2) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuu30028." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0753", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150527 Cisco Unified Email Interaction Manager and Cisco Unified Web Interaction Manager SQL Injection Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=39013" - }, - { - "name" : "1032422", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032422" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Cisco Unified Email Interaction Manager (EIM) and Unified Web Interaction Manager (WIM) 9.0(2) allows remote attackers to execute arbitrary SQL commands 
via unspecified vectors, aka Bug ID CSCuu30028." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032422", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032422" + }, + { + "name": "20150527 Cisco Unified Email Interaction Manager and Cisco Unified Web Interaction Manager SQL Injection Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39013" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0754.json b/2015/0xxx/CVE-2015-0754.json index c46f849132f..30d518f4bd8 100644 --- a/2015/0xxx/CVE-2015-0754.json +++ b/2015/0xxx/CVE-2015-0754.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0754", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Finesse 10.5(1) allows remote authenticated users to obtain sensitive information or cause a denial of service (CPU and memory consumption) via a crafted XML document, aka Bug ID CSCut95810." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0754", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150527 Cisco Finesse XML Processing Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=39015" - }, - { - "name" : "1032423", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032423" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Finesse 10.5(1) allows remote authenticated users to obtain sensitive information or cause a denial of service (CPU and memory consumption) via a crafted XML document, aka Bug ID CSCut95810." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150527 Cisco Finesse XML Processing Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39015" + }, + { + "name": "1032423", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032423" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1020.json b/2015/1xxx/CVE-2015-1020.json index af256fdcc7b..f4aed5827ef 100644 --- a/2015/1xxx/CVE-2015-1020.json +++ b/2015/1xxx/CVE-2015-1020.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1020", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1020", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1146.json b/2015/1xxx/CVE-2015-1146.json index 9dc5726ecaf..d334216686c 100644 --- a/2015/1xxx/CVE-2015-1146.json +++ b/2015/1xxx/CVE-2015-1146.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1146", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1145." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-1146", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT204659", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204659" - }, - { - "name" : "APPLE-SA-2015-04-08-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" - }, - { - "name" : "73982", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73982" - }, - { - "name" : "1032048", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032048" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Code Signing 
implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1145." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT204659", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204659" + }, + { + "name": "73982", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73982" + }, + { + "name": "1032048", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032048" + }, + { + "name": "APPLE-SA-2015-04-08-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1171.json b/2015/1xxx/CVE-2015-1171.json index e65a0467fa5..c5047bf174b 100644 --- a/2015/1xxx/CVE-2015-1171.json +++ b/2015/1xxx/CVE-2015-1171.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1171", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in GSM SIM Utility (aka SIM Card Editor) 6.6 allows remote attackers to execute arbitrary code via a long entry in a .sms file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1171", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/129992/simeditor-overflow.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129992/simeditor-overflow.txt" - }, - { - "name" : "https://osandamalith.wordpress.com/2015/01/16/sim-editor-stack-based-buffer-overflow/", - "refsource" : "MISC", - "url" : "https://osandamalith.wordpress.com/2015/01/16/sim-editor-stack-based-buffer-overflow/" - }, - { - "name" : "https://www.youtube.com/watch?v=tljbFpYtDTk", - "refsource" : "MISC", - "url" : "https://www.youtube.com/watch?v=tljbFpYtDTk" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in GSM SIM Utility 
(aka SIM Card Editor) 6.6 allows remote attackers to execute arbitrary code via a long entry in a .sms file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://osandamalith.wordpress.com/2015/01/16/sim-editor-stack-based-buffer-overflow/", + "refsource": "MISC", + "url": "https://osandamalith.wordpress.com/2015/01/16/sim-editor-stack-based-buffer-overflow/" + }, + { + "name": "http://packetstormsecurity.com/files/129992/simeditor-overflow.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129992/simeditor-overflow.txt" + }, + { + "name": "https://www.youtube.com/watch?v=tljbFpYtDTk", + "refsource": "MISC", + "url": "https://www.youtube.com/watch?v=tljbFpYtDTk" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1590.json b/2015/1xxx/CVE-2015-1590.json index f6bafdc2856..bf8ec0873da 100644 --- a/2015/1xxx/CVE-2015-1590.json +++ b/2015/1xxx/CVE-2015-1590.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1590", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kamcmd administrative utility and default configuration in kamailio before 4.3.0 use /tmp/kamailio_ctl." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1590", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150212 Re: kamailio: multiple /tmp file vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/02/12/7" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775681", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775681" - }, - { - "name" : "https://github.com/kamailio/kamailio/blob/4.3.0/ChangeLog#L2038", - "refsource" : "CONFIRM", - "url" : "https://github.com/kamailio/kamailio/blob/4.3.0/ChangeLog#L2038" - }, - { - "name" : "https://github.com/kamailio/kamailio/commit/06177b12936146d48378cc5f6c6e1b157ebd519b", - "refsource" : "CONFIRM", - "url" : "https://github.com/kamailio/kamailio/commit/06177b12936146d48378cc5f6c6e1b157ebd519b" - }, - { - "name" : 
"https://github.com/kamailio/kamailio/issues/48", - "refsource" : "CONFIRM", - "url" : "https://github.com/kamailio/kamailio/issues/48" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kamcmd administrative utility and default configuration in kamailio before 4.3.0 use /tmp/kamailio_ctl." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20150212 Re: kamailio: multiple /tmp file vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/02/12/7" + }, + { + "name": "https://github.com/kamailio/kamailio/issues/48", + "refsource": "CONFIRM", + "url": "https://github.com/kamailio/kamailio/issues/48" + }, + { + "name": "https://github.com/kamailio/kamailio/blob/4.3.0/ChangeLog#L2038", + "refsource": "CONFIRM", + "url": "https://github.com/kamailio/kamailio/blob/4.3.0/ChangeLog#L2038" + }, + { + "name": "https://github.com/kamailio/kamailio/commit/06177b12936146d48378cc5f6c6e1b157ebd519b", + "refsource": "CONFIRM", + "url": "https://github.com/kamailio/kamailio/commit/06177b12936146d48378cc5f6c6e1b157ebd519b" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775681", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775681" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4209.json b/2015/4xxx/CVE-2015-4209.json index 94a628cc2a6..cc56e58a59a 100644 --- a/2015/4xxx/CVE-2015-4209.json +++ b/2015/4xxx/CVE-2015-4209.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4209", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco WebEx Meeting Center does not properly determine authorization for reading a host calendar, which allows remote attackers to obtain sensitive information by obtaining a list of all meetings and then sending a calendar request for each one, aka Bug ID CSCur23913." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-4209", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150622 Cisco WebEx Meetings Host Calendar Download Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=39459" - }, - { - "name" : "75351", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75351" - }, - { - "name" : "1032705", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032705" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco WebEx Meeting Center does not properly determine authorization for reading a host calendar, 
which allows remote attackers to obtain sensitive information by obtaining a list of all meetings and then sending a calendar request for each one, aka Bug ID CSCur23913." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150622 Cisco WebEx Meetings Host Calendar Download Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39459" + }, + { + "name": "75351", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75351" + }, + { + "name": "1032705", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032705" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4404.json b/2015/4xxx/CVE-2015-4404.json index 7cc14b9fd99..9bf4641b097 100644 --- a/2015/4xxx/CVE-2015-4404.json +++ b/2015/4xxx/CVE-2015-4404.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4404", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4404", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4712.json b/2015/4xxx/CVE-2015-4712.json index 2878c394b50..5f4bdba0c64 100644 --- a/2015/4xxx/CVE-2015-4712.json +++ b/2015/4xxx/CVE-2015-4712.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4712", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4712", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4734.json b/2015/4xxx/CVE-2015-4734.json index 51dfcf63a9a..fedb739f8c9 100644 --- a/2015/4xxx/CVE-2015-4734.json +++ b/2015/4xxx/CVE-2015-4734.json 
@@ -1,227 +1,227 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4734", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 6u101, 7u85 and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JGSS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-4734", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" - }, - { - "name" : "DSA-3381", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3381" - }, - { - "name" : "GLSA-201603-11", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-11" - }, - { - "name" : "GLSA-201603-14", - "refsource" : "GENTOO", - "url" : 
"https://security.gentoo.org/glsa/201603-14" - }, - { - "name" : "RHSA-2016:1430", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1430" - }, - { - "name" : "RHSA-2015:2506", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-2506.html" - }, - { - "name" : "RHSA-2015:2507", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-2507.html" - }, - { - "name" : "RHSA-2015:2508", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-2508.html" - }, - { - "name" : "RHSA-2015:2509", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-2509.html" - }, - { - "name" : "RHSA-2015:1919", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1919.html" - }, - { - "name" : "RHSA-2015:1920", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1920.html" - }, - { - "name" : "RHSA-2015:1921", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1921.html" - }, - { - "name" : "RHSA-2015:1926", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1926.html" - }, - { - "name" : "RHSA-2015:1927", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1927.html" - }, - { - "name" : "RHSA-2015:1928", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1928.html" - }, - { - "name" : "SUSE-SU-2016:0113", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html" - }, - { - "name" : "openSUSE-SU-2016:0270", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html" - }, - { - "name" : "SUSE-SU-2015:2166", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html" - }, - { - "name" : "SUSE-SU-2015:2168", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html" - }, - { - "name" : "SUSE-SU-2015:2182", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html" - }, - { - "name" : "SUSE-SU-2015:2192", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html" - }, - { - "name" : "SUSE-SU-2015:2216", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html" - }, - { - "name" : "SUSE-SU-2015:2268", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00014.html" - }, - { - "name" : "SUSE-SU-2015:1874", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00000.html" - }, - { - "name" : "SUSE-SU-2015:1875", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00001.html" - }, - { - "name" : "openSUSE-SU-2015:1902", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00008.html" - }, - { - "name" : "openSUSE-SU-2015:1905", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00009.html" - }, - { - "name" : "openSUSE-SU-2015:1906", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00010.html" - }, - { - "name" : "openSUSE-SU-2015:1971", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00019.html" - }, - { - "name" : "USN-2827-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2827-1" - }, - { - "name" : "USN-2784-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2784-1" - }, - { - "name" : "77192", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/77192" - }, - { - "name" : "1033884", - "refsource" : "SECTRACK", - 
"url" : "http://www.securitytracker.com/id/1033884" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 6u101, 7u85 and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JGSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2015:2182", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html" + }, + { + "name": "USN-2784-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2784-1" + }, + { + "name": "openSUSE-SU-2015:1905", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00009.html" + }, + { + "name": "SUSE-SU-2015:2192", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html" + }, + { + "name": "openSUSE-SU-2015:1906", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00010.html" + }, + { + "name": "RHSA-2015:2507", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-2507.html" + }, + { + "name": "RHSA-2015:1928", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1928.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" + }, + { + "name": "RHSA-2016:1430", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1430" + }, + { + "name": "RHSA-2015:2506", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-2506.html" + }, + { + "name": 
"RHSA-2015:2509", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-2509.html" + }, + { + "name": "1033884", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033884" + }, + { + "name": "SUSE-SU-2015:2166", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" + }, + { + "name": "openSUSE-SU-2016:0270", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html" + }, + { + "name": "RHSA-2015:1919", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1919.html" + }, + { + "name": "GLSA-201603-11", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-11" + }, + { + "name": "openSUSE-SU-2015:1902", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00008.html" + }, + { + "name": "RHSA-2015:1920", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1920.html" + }, + { + "name": "GLSA-201603-14", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-14" + }, + { + "name": "77192", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/77192" + }, + { + "name": "SUSE-SU-2015:2216", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html" + }, + { + "name": "RHSA-2015:1927", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1927.html" + }, + { + "name": "openSUSE-SU-2015:1971", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00019.html" + }, + { + "name": "SUSE-SU-2015:2268", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00014.html" + }, + { + "name": "SUSE-SU-2015:2168", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html" + }, + { + "name": "RHSA-2015:1921", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1921.html" + }, + { + "name": "SUSE-SU-2015:1874", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00000.html" + }, + { + "name": "DSA-3381", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3381" + }, + { + "name": "RHSA-2015:1926", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1926.html" + }, + { + "name": "SUSE-SU-2015:1875", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00001.html" + }, + { + "name": "RHSA-2015:2508", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-2508.html" + }, + { + "name": "SUSE-SU-2016:0113", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html" + }, + { + "name": "USN-2827-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2827-1" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5030.json b/2015/5xxx/CVE-2015-5030.json index 9b4451a432f..a4f5e93714d 100644 --- a/2015/5xxx/CVE-2015-5030.json +++ b/2015/5xxx/CVE-2015-5030.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5030", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5030", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5178.json b/2015/5xxx/CVE-2015-5178.json index 87d61126485..b9f52b6d3d7 100644 --- a/2015/5xxx/CVE-2015-5178.json +++ b/2015/5xxx/CVE-2015-5178.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5178", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Management Console in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a (1) FRAME or (2) IFRAME element." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5178", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1250552", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1250552" - }, - { - "name" : "RHSA-2015:1904", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1904.html" - }, - { - "name" : "RHSA-2015:1905", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1905.html" - }, - { - "name" : "RHSA-2015:1906", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1906.html" - }, - { - "name" : "RHSA-2015:1907", - "refsource" : "REDHAT", - "url" : 
"http://rhn.redhat.com/errata/RHSA-2015-1907.html" - }, - { - "name" : "RHSA-2015:1908", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1908.html" - }, - { - "name" : "1033859", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033859" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Management Console in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a (1) FRAME or (2) IFRAME element." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2015:1905", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1905.html" + }, + { + "name": "RHSA-2015:1904", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1904.html" + }, + { + "name": "RHSA-2015:1908", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1908.html" + }, + { + "name": "RHSA-2015:1907", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1907.html" + }, + { + "name": "1033859", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033859" + }, + { + "name": "RHSA-2015:1906", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1906.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1250552", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1250552" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5779.json b/2015/5xxx/CVE-2015-5779.json index f3c852ead18..857dc246f81 100644 
--- a/2015/5xxx/CVE-2015-5779.json +++ b/2015/5xxx/CVE-2015-5779.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5779", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, and CVE-2015-5753." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5779", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/kb/HT205031", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT205031" - }, - { - "name" : "https://support.apple.com/HT205046", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205046" - }, - { - "name" : "APPLE-SA-2015-08-13-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" - }, - { - "name" : "APPLE-SA-2015-08-20-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00004.html" - }, 
- { - "name" : "76340", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76340" - }, - { - "name" : "1033276", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033276" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, and CVE-2015-5753." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT205046", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205046" + }, + { + "name": "76340", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76340" + }, + { + "name": "APPLE-SA-2015-08-13-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" + }, + { + "name": "APPLE-SA-2015-08-20-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00004.html" + }, + { + "name": "https://support.apple.com/kb/HT205031", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT205031" + }, + { + "name": "1033276", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033276" + } + ] + } +} \ No newline at end of file diff --git a/2018/1002xxx/CVE-2018-1002103.json b/2018/1002xxx/CVE-2018-1002103.json index b566c3f1846..d1edbbcfd99 100644 --- a/2018/1002xxx/CVE-2018-1002103.json +++ b/2018/1002xxx/CVE-2018-1002103.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "jordan@liggitt.net", - "DATE_ASSIGNED" : "2018-10-03", - "ID" : "CVE-2018-1002103", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Minikube", - "version" : { - "version_data" : [ - { - "version_affected" : ">=", - "version_value" : "v0.3.0" - }, - { - "version_affected" : "<", - "version_value" : "v0.30.0" - } - ] - } - } - ] - }, - "vendor_name" : "Kubernetes" - } - ] - } - }, - "credit" : [ - "Reported by Alex Kaskasoli" - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Minikube versions 0.3.0-0.29.0, minikube exposes the Kubernetes Dashboard listening on the VM IP at port 30000. In VM environments where the IP is easy to predict, the attacker can use DNS rebinding to indirectly make requests to the Kubernetes Dashboard, create a new Kubernetes Deployment running arbitrary code. If minikube mount is in use, the attacker could also directly access the host filesystem." 
- } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "NONE", - "baseScore" : 8.1, - "baseSeverity" : "HIGH", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "HIGH", - "privilegesRequired" : "NONE", - "scope" : "UNCHANGED", - "userInteraction" : "REQUIRED", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Input Validation" - } + "CVE_data_meta": { + "ASSIGNER": "jordan@liggitt.net", + "DATE_ASSIGNED": "2018-10-03", + "ID": "CVE-2018-1002103", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Minikube", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_value": "v0.3.0" + }, + { + "version_affected": "<", + "version_value": "v0.30.0" + } + ] + } + } + ] + }, + "vendor_name": "Kubernetes" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/kubernetes/minikube/issues/3208", - "refsource" : "CONFIRM", - "url" : "https://github.com/kubernetes/minikube/issues/3208" - } - ] - } -} + } + }, + "credit": [ + "Reported by Alex Kaskasoli" + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Minikube versions 0.3.0-0.29.0, minikube exposes the Kubernetes Dashboard listening on the VM IP at port 30000. In VM environments where the IP is easy to predict, the attacker can use DNS rebinding to indirectly make requests to the Kubernetes Dashboard, create a new Kubernetes Deployment running arbitrary code. If minikube mount is in use, the attacker could also directly access the host filesystem." 
+ } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/kubernetes/minikube/issues/3208", + "refsource": "CONFIRM", + "url": "https://github.com/kubernetes/minikube/issues/3208" + } + ] + } +} \ No newline at end of file diff --git a/2018/1999xxx/CVE-2018-1999008.json b/2018/1999xxx/CVE-2018-1999008.json index 2cfd8b53b6f..0de7a8486b4 100644 --- a/2018/1999xxx/CVE-2018-1999008.json +++ b/2018/1999xxx/CVE-2018-1999008.json 
@@ -1,65 +1,65 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-07-20T20:44:32.971688", - "DATE_REQUESTED" : "2018-07-11T08:16:35", - "ID" : "CVE-2018-1999008", - "REQUESTER" : "elarlang@gmail.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "October CMS", - "version" : { - "version_data" : [ - { - "version_value" : "prior to build 437" - } - ] - } - } - ] - }, - "vendor_name" : "October CMS" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "October CMS version prior to build 437 contains a Cross Site Scripting (XSS) vulnerability in the Media module and create folder functionality that can result in an Authenticated user with media module permission creating arbitrary folder name with XSS content. This attack appear to be exploitable via an Authenticated user with media module permission who can create arbitrary folder name (XSS). This vulnerability appears to have been fixed in build 437." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-07-20T20:44:32.971688", + "DATE_REQUESTED": "2018-07-11T08:16:35", + "ID": "CVE-2018-1999008", + "REQUESTER": "elarlang@gmail.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://octobercms.com/support/article/rn-10", - "refsource" : "CONFIRM", - "url" : "https://octobercms.com/support/article/rn-10" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "October CMS version prior to build 437 contains a Cross Site Scripting (XSS) vulnerability in the Media module and create folder functionality that can result in an Authenticated user with media module permission creating arbitrary folder name with XSS content. This attack appear to be exploitable via an Authenticated user with media module permission who can create arbitrary folder name (XSS). This vulnerability appears to have been fixed in build 437." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://octobercms.com/support/article/rn-10", + "refsource": "CONFIRM", + "url": "https://octobercms.com/support/article/rn-10" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2417.json b/2018/2xxx/CVE-2018-2417.json index 31e80830fd0..25ab1269c74 100644 --- a/2018/2xxx/CVE-2018-2417.json +++ b/2018/2xxx/CVE-2018-2417.json 
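Review bot: The new side of CVE-2018-1999008.json replaces the structured `product_name`, `vendor_name`, `version_value` and problemtype `value` with `"n/a"`, so the affected product and the weakness class now survive only in the free-text description. Vulnerability-matching tooling that keys on the `affects` tree will no longer associate this record with October CMS, which makes the advisory easy to miss in automated inventory checks. If the sync cannot carry the earlier values forward, I would keep them, e.g. `"product_name": "October CMS"`, `"version_value": "prior to build 437"` and `"value": "Cross Site Scripting (XSS)"`. The same hunk also changes `ASSIGNER` from an individual address to `cve@mitre.org`; that looks deliberate but is worth confirming alongside the data loss.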
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cna@sap.com", - "ID" : "CVE-2018-2417", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SAP Identity Management", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.0" - } - ] - } - } - ] - }, - "vendor_name" : "SAP SE" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Under certain conditions, the SAP Identity Management 8.0 (pass of type ToASCII) allows an attacker to access information which would otherwise be restricted." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "NONE", - "baseScore" : 5.3, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "LOW", - "integrityImpact" : "NONE", - "privilegesRequired" : "NONE", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "cna@sap.com", + "ID": "CVE-2018-2417", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SAP Identity Management", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.0" + } + ] + } + } + ] + }, + "vendor_name": "SAP SE" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://launchpad.support.sap.com/#/notes/2601492", - "refsource" : "MISC", - "url" : "https://launchpad.support.sap.com/#/notes/2601492" - }, - { - "name" : "https://blogs.sap.com/2018/05/08/sap-security-patch-day-may-2018/", - 
"refsource" : "CONFIRM", - "url" : "https://blogs.sap.com/2018/05/08/sap-security-patch-day-may-2018/" - }, - { - "name" : "104112", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104112" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Under certain conditions, the SAP Identity Management 8.0 (pass of type ToASCII) allows an attacker to access information which would otherwise be restricted." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.sap.com/2018/05/08/sap-security-patch-day-may-2018/", + "refsource": "CONFIRM", + "url": "https://blogs.sap.com/2018/05/08/sap-security-patch-day-may-2018/" + }, + { + "name": "104112", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104112" + }, + { + "name": "https://launchpad.support.sap.com/#/notes/2601492", + "refsource": "MISC", + "url": "https://launchpad.support.sap.com/#/notes/2601492" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2647.json b/2018/2xxx/CVE-2018-2647.json index 2839b036993..a7c7386d677 100644 --- a/2018/2xxx/CVE-2018-2647.json +++ b/2018/2xxx/CVE-2018-2647.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2647", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "5.6.38 and prior" - }, - { - "version_affected" : "=", - "version_value" : "5.7.20 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2647", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.6.38 and prior" + }, + { + "version_affected": "=", + "version_value": "5.7.20 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180117-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180117-0002/" - }, - { - "name" : "RHSA-2018:0586", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0586" - }, - { - "name" : "RHSA-2018:0587", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0587" - }, - { - "name" : "USN-3537-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3537-1/" - }, - { - "name" : "102711", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102711" - }, - { - "name" : "1040216", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040216" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2018:0587", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0587" + }, + { + "name": "USN-3537-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3537-1/" + }, + { + "name": "RHSA-2018:0586", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0586" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + }, + { + "name": "102711", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102711" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180117-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180117-0002/" + }, + { + "name": "1040216", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040216" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/2xxx/CVE-2018-2656.json b/2018/2xxx/CVE-2018-2656.json
index c8f9353e48f..b1c65455ce5 100644
--- a/2018/2xxx/CVE-2018-2656.json
+++ b/2018/2xxx/CVE-2018-2656.json
@@ -1,101 +1,101 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2656", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "General Ledger", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "12.1.1" - }, - { - "version_affected" : "=", - "version_value" : "12.1.2" - }, - { - "version_affected" : "=", - "version_value" : "12.1.3" - }, - { - "version_affected" : "=", - "version_value" : "12.2.3" - }, - { - "version_affected" : "=", - "version_value" : "12.2.4" - }, - { - "version_affected" : "=", - "version_value" : "12.2.5" - }, - { - "version_affected" : "=", - "version_value" : "12.2.6" - }, - { - "version_affected" : "=", - "version_value" : "12.2.7" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Data Manager Server). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle General Ledger accessible data as well as unauthorized access to critical data or complete access to all Oracle General Ledger accessible data. CVSS 3.0 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle General Ledger accessible data as well as unauthorized access to critical data or complete access to all Oracle General Ledger accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2656", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "General Ledger", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.1.1" + }, + { + "version_affected": "=", + "version_value": "12.1.2" + }, + { + "version_affected": "=", + "version_value": "12.1.3" + }, + { + "version_affected": "=", + "version_value": "12.2.3" + }, + { + "version_affected": "=", + "version_value": "12.2.4" + }, + { + "version_affected": "=", + "version_value": "12.2.5" + }, + { + "version_affected": "=", + "version_value": "12.2.6" + }, + { + "version_affected": "=", + "version_value": "12.2.7" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name" : "102639", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102639" - }, - { - "name" : "1040201", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040201" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Data Manager Server). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle General Ledger accessible data as well as unauthorized access to critical data or complete access to all Oracle General Ledger accessible data. CVSS 3.0 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle General Ledger accessible data as well as unauthorized access to critical data or complete access to all Oracle General Ledger accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + }, + { + "name": "1040201", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040201" + }, + { + "name": "102639", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102639" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2819.json b/2018/2xxx/CVE-2018-2819.json index a92a963aae5..62625041bd0 100644 
--- a/2018/2xxx/CVE-2018-2819.json
+++ b/2018/2xxx/CVE-2018-2819.json
@@ -1,141 +1,141 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2819", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "5.5.59 and prior" - }, - { - "version_affected" : "=", - "version_value" : "5.6.39 and prior" - }, - { - "version_affected" : "=", - "version_value" : "5.7.21 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2819", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.5.59 and prior" + }, + { + "version_affected": "=", + "version_value": "5.6.39 and prior" + }, + { + "version_affected": "=", + "version_value": "5.7.21 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html" - }, - { - "name" : "[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180419-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180419-0002/" - }, - { - "name" : "DSA-4176", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4176" - }, - { - "name" : "DSA-4341", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4341" - }, - { - "name" : "RHSA-2018:1254", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1254" - }, - { - "name" : "RHSA-2018:2439", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2439" - }, - { - "name" : "RHSA-2018:2729", - "refsource" : "REDHAT", - "url" : 
"https://access.redhat.com/errata/RHSA-2018:2729" - }, - { - "name" : "RHSA-2018:3655", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3655" - }, - { - "name" : "USN-3629-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3629-1/" - }, - { - "name" : "USN-3629-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3629-2/" - }, - { - "name" : "USN-3629-3", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3629-3/" - }, - { - "name" : "103814", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103814" - }, - { - "name" : "1040698", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040698" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." 
+ } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4341", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4341" + }, + { + "name": "1040698", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040698" + }, + { + "name": "RHSA-2018:1254", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1254" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180419-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180419-0002/" + }, + { + "name": "RHSA-2018:2729", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2729" + }, + { + "name": "DSA-4176", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4176" + }, + { + "name": "[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html" + }, + { + "name": "[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html" + }, + { + "name": "RHSA-2018:3655", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3655" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" + }, + { + "name": "103814", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103814" + }, + { + "name": "RHSA-2018:2439", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2439" + }, + { + "name": "USN-3629-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3629-1/" + }, + { + "name": "USN-3629-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3629-2/" + }, + { + "name": 
"USN-3629-3", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3629-3/" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3407.json b/2018/3xxx/CVE-2018-3407.json index d72b093e935..92b5d17bd00 100644 --- a/2018/3xxx/CVE-2018-3407.json +++ b/2018/3xxx/CVE-2018-3407.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3407", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3407", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3495.json b/2018/3xxx/CVE-2018-3495.json index 23f1ca27e65..2ac1add3133 100644 --- a/2018/3xxx/CVE-2018-3495.json +++ b/2018/3xxx/CVE-2018-3495.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3495", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3495", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3819.json b/2018/3xxx/CVE-2018-3819.json index 027b774bb1f..c160be42960 100644 --- a/2018/3xxx/CVE-2018-3819.json +++ b/2018/3xxx/CVE-2018-3819.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "bressers@elastic.co", - "ID" : "CVE-2018-3819", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Kibana", - "version" : { - "version_data" : [ - { - "version_value" : "All versions before 6.1.3 and 5.6.7" - } - ] - } - } - ] - }, - "vendor_name" : "Elastic" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The fix in Kibana for ESA-2017-23 was incomplete. With X-Pack security enabled, Kibana versions before 6.1.3 and 5.6.7 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')" - } + "CVE_data_meta": { + "ASSIGNER": "security@elastic.co", + "ID": "CVE-2018-3819", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Kibana", + "version": { + "version_data": [ + { + "version_value": "All versions before 6.1.3 and 5.6.7" + } + ] + } + } + ] + }, + "vendor_name": "Elastic" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://discuss.elastic.co/t/elastic-stack-6-1-3-and-5-6-7-security-update/117683", - "refsource" : "CONFIRM", - "url" : "https://discuss.elastic.co/t/elastic-stack-6-1-3-and-5-6-7-security-update/117683" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The fix in Kibana for ESA-2017-23 was incomplete. 
With X-Pack security enabled, Kibana versions before 6.1.3 and 5.6.7 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://discuss.elastic.co/t/elastic-stack-6-1-3-and-5-6-7-security-update/117683", + "refsource": "CONFIRM", + "url": "https://discuss.elastic.co/t/elastic-stack-6-1-3-and-5-6-7-security-update/117683" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3886.json b/2018/3xxx/CVE-2018-3886.json index 7a015e603c0..bb0226c0e75 100644 --- a/2018/3xxx/CVE-2018-3886.json +++ b/2018/3xxx/CVE-2018-3886.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-04-11T00:00:00", - "ID" : "CVE-2018-3886", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Computerinsel Photoline", - "version" : { - "version_data" : [ - { - "version_value" : "Computerinsel Photoline 20.53 for OS X" - } - ] - } - } - ] - }, - "vendor_name" : "Talos" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out of bounds Write" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-04-11T00:00:00", + "ID": "CVE-2018-3886", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Computerinsel Photoline", + "version": { + "version_data": [ + { + "version_value": "Computerinsel Photoline 20.53 for OS X" + } + ] + } + } + ] + }, + "vendor_name": "Talos" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0561", - "refsource" : "MISC", - "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0561" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A memory corruption vulnerability 
exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out of bounds Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0561", + "refsource": "MISC", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0561" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6347.json b/2018/6xxx/CVE-2018-6347.json index 5ed6b636a66..736a8e5281a 100644 --- a/2018/6xxx/CVE-2018-6347.json +++ b/2018/6xxx/CVE-2018-6347.json 
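Review bot: `vendor_name` on the new side is still `"Talos"`, which matches the assigner (`talos-cna@cisco.com`) rather than the maker of the affected product, `Computerinsel Photoline`. Tooling that maps the vendor/product pair onto an asset inventory would not tie this out-of-bounds write to installed copies of Photoline. The sync only reformats the record and carries the value over unchanged. If the vendor is Computerinsel, as the product name suggests (worth confirming against the Talos report in `references`), the field would read `"vendor_name": "Computerinsel"`.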
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@fb.com", - "DATE_ASSIGNED" : "2018-12-19", - "ID" : "CVE-2018-6347", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Proxygen", - "version" : { - "version_data" : [ - { - "version_affected" : "!=>", - "version_value" : "v2018.12.31.00" - }, - { - "version_affected" : "<=", - "version_value" : "v2018.12.31.00" - } - ] - } - } - ] - }, - "vendor_name" : "Facebook" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue in the Proxygen handling of HTTP2 parsing of headers/trailers can lead to a denial-of-service attack. This affects Proxygen prior to v2018.12.31.00." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service (CWE-400)" - } + "CVE_data_meta": { + "ASSIGNER": "cve-assign@fb.com", + "DATE_ASSIGNED": "2018-12-19", + "ID": "CVE-2018-6347", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Proxygen", + "version": { + "version_data": [ + { + "version_affected": "!=>", + "version_value": "v2018.12.31.00" + }, + { + "version_affected": "<=", + "version_value": "v2018.12.31.00" + } + ] + } + } + ] + }, + "vendor_name": "Facebook" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/facebook/proxygen/commit/223e0aa6bc7590e86af1e917185a2e0efe160711", - "refsource" : "MISC", - "url" : "https://github.com/facebook/proxygen/commit/223e0aa6bc7590e86af1e917185a2e0efe160711" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue in the Proxygen handling of 
HTTP2 parsing of headers/trailers can lead to a denial-of-service attack. This affects Proxygen prior to v2018.12.31.00." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service (CWE-400)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/facebook/proxygen/commit/223e0aa6bc7590e86af1e917185a2e0efe160711", + "refsource": "MISC", + "url": "https://github.com/facebook/proxygen/commit/223e0aa6bc7590e86af1e917185a2e0efe160711" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6616.json b/2018/6xxx/CVE-2018-6616.json index 37bf7e9c76d..91f6a852904 100644 --- a/2018/6xxx/CVE-2018-6616.json +++ b/2018/6xxx/CVE-2018-6616.json 
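Review bot: The second `version_data` entry marks `"version_affected": "<="` with `"version_value": "v2018.12.31.00"`, while the description in the same record says the issue affects Proxygen prior to v2018.12.31.00. A consumer that matches on `version_affected` would therefore flag that release, presumably the fixed one, as vulnerable. The first entry's operator `"!=>"` is hard to interpret and may not be a value the CVE JSON 4.0 format defines; that should be confirmed with the CNA. The sync only reformats the record and carries both entries over unchanged; a single entry with `"version_affected": "<"` and `"version_value": "v2018.12.31.00"` would agree with the description.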
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6616", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6616", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20181222 [SECURITY] [DLA 1614-1] openjpeg2 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/12/msg00013.html" - }, - { - "name" : "https://github.com/uclouvain/openjpeg/issues/1059", - "refsource" : "MISC", - "url" : "https://github.com/uclouvain/openjpeg/issues/1059" - }, - { - "name" : "DSA-4405", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2019/dsa-4405" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of 
openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20181222 [SECURITY] [DLA 1614-1] openjpeg2 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00013.html" + }, + { + "name": "https://github.com/uclouvain/openjpeg/issues/1059", + "refsource": "MISC", + "url": "https://github.com/uclouvain/openjpeg/issues/1059" + }, + { + "name": "DSA-4405", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2019/dsa-4405" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6730.json b/2018/6xxx/CVE-2018-6730.json index 06ebd223fa8..91a8f51525b 100644 --- a/2018/6xxx/CVE-2018-6730.json +++ b/2018/6xxx/CVE-2018-6730.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6730", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6730", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6915.json b/2018/6xxx/CVE-2018-6915.json index 38dbcfa2454..365bdf2e6f4 100644 --- a/2018/6xxx/CVE-2018-6915.json +++ b/2018/6xxx/CVE-2018-6915.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6915", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6915", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7019.json b/2018/7xxx/CVE-2018-7019.json index 7cbd21301fd..e4cf2bb865b 100644 --- a/2018/7xxx/CVE-2018-7019.json +++ b/2018/7xxx/CVE-2018-7019.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7019", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-7019", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7112.json b/2018/7xxx/CVE-2018-7112.json index 972f6a32e1a..12339e6ccd6 100644 --- a/2018/7xxx/CVE-2018-7112.json +++ b/2018/7xxx/CVE-2018-7112.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "ID" : "CVE-2018-7112", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows firmware installer for Gen9, Gen8, G7,and G6 HPE servers", - "version" : { - "version_data" : [ - { - "version_value" : "Only the Windows based firmware installers for the following products. HPE Integrated Lights-Out 2 (iLO 2) Firmware for ProLiant G6 Servers - Prior to v2.33, HPE Integrated Lights-Out 3 (iLO 3) Firmware for ProLiant G7 Servers - Prior to v1.90, HPE Integrated Lights-Out 4 (iLO 4) Firmware for ProLiant Gen8 Server firmwares - Prior to v2.60, HPE ProLiant XL750f Gen9 Server firmware - Prior to 2.56_01-22-2018(23 Feb 2018), HPE ProLiant XL740f Gen9 Server firmware - Prior to 2.56_01-22-2018(23 Feb 2018), HPE ProLiant XL730f Gen9 Server firmware - Prior to 2.56_01-22-2018(23 Feb 2018), HPE ProLiant XL450 Gen9 Server firmware - Prior to 2.56_01-22-2018(23 Feb 2018), HPE ProLiant XL270d Gen9 Special Server - Prior to 2.56_01-22-2018(23 Feb 2018), HPE ProLiant XL270d Gen9 Accelerator Tray 2U Configure-to-order Server - Prior to 2.56_01-22-2018(23 Feb 2018), HPE ProLiant XL260a Gen9 Server firmware - Prior to 1.60_01-22-2018(26 Feb 2018), HPE ProLiant XL250a Gen9 Server firmware - Prior to 2.56_01-22-2018(23 Feb 2018), HPE ProLiant XL230a Gen9 Server firmware - Prior to 2.56_01-22-2018(23 Feb 2018), HPE ProLiant XL190r Gen9 Server firmware - Prior to 2.56_01-22-2018(23 Feb 2018), HPE ProLiant XL170r Gen9 Server firmware - Prior to 2.56_01-22-2018(23 Feb 2018), HPE ProLiant DL560 Gen9 Server firmware - Prior to 2.56_01-22-2018(23 Feb 2018), HPE ProLiant DL380 Gen9 Server firmware - Prior to 2.56_01-22-2018(23 Feb 2018), HPE ProLiant DL360 Gen9 Server firmware - Prior to 2.56_01-22-2018(23 Feb 2018), HPE ProLiant DL180 Gen9 Server firmware - Prior to 2.56_01-22-2018(23 Feb 2018), HPE ProLiant DL160 
Gen9 Server firmware - Prior to 2.56_01-22-2018(23 Feb 2018), HPE ProLiant DL120 Gen9 Server firmware - Prior to 2.56_01-22-2018(23 Feb 2018). HPE ProLiant DL80 Gen9 Server firmware - Prior to 2.56_01-22-2018(23 Feb 2018), HPE ProLiant DL60 Gen9 Server firmware - Prior to 2.56_01-22-2018(23 Feb 2018), HPE ProLiant DL20 Gen9 Server firmware - Prior to 2.56_01-22-2018(27 Feb 2018), HPE ProLiant ML350 Gen9 Server firmware - Prior to 2.56_01-22-2018(23 Feb 2018), HPE ProLiant ML150 Gen9 Server firmware - Prior to 2.56_01-22-2018(23 Feb 2018), HPE ProLiant ML110 Gen9 Server firmware - Prior to 2.56_01-22-2018(23 Feb 2018), HPE ProLiant ML30 Gen9 Server firmware - Prior to 2.56_01-22-2018(27 Feb 2018), HPE ProLiant ML10 Gen9 Server firmware - Prior to 2018.01.22(22 Mar 2018), HPE ProLiant BL660c Gen9 Server firmware - Prior to 2.56_01-22-2018(23 Feb 2018), HPE ProLiant BL460c Gen9 Server firmware Blade - Prior to 2.56_01-22-2018(23 Feb 2018), HPE ProLiant WS460c Gen9 Workstation - Prior to 2.56_01-22-2018(23 Feb 2018), HPE ProLiant DL380e Gen8 Server firmware - Prior to 2018.01.22(2 Mar 2018), HPE ProLiant DL360p Gen8 Server firmware - Prior to 2018.01.22(2 Mar 2018), HPE ProLiant DL360e Gen8 Server firmware - Prior to 2018.01.22(2 Mar 2018), HPE ProLiant DL320e Gen8 Server firmware - Prior to 2018.01.22(5 Mar 2018), HPE ProLiant DL320e Gen8 v2 Server firmware - Prior to 2018.01.22(23 Feb 2018), HPE ProLiant DL160 Gen8 Server firmware - Prior to 2018.01.22(2 Mar 2018), HPE ProLiant SL250s Gen8 Server firmware - Prior to 2018.01.22(2 Mar 2018), HPE ProLiant SL210t Gen8 Server firmware - Prior to 2018.01.22(2 Mar 2018), HPE ProLiant BL660c Gen8 Server firmware Blade - Prior to 2018.01.22(2 Mar 2018), HPE ProLiant BL465c Gen8 (AMD) - Prior to 2018.03.14(12 Apr 2018), HPE ProLiant BL460c Gen8 Server firmware Blade - Prior to 2018.01.22(2 Mar 2018), HPE ProLiant BL420c Gen8 Server firmware - Prior to 2018.01.22(2 Mar 2018), HPE ProLiant SL4540 Gen8 1 Node Server firmware - 
Prior to 2018.01.22(2 Mar 2018), HPE ProLiant SL270s Gen8 Server firmware - Prior to 2018.01.22(2 Mar 2018), HPE ProLiant DL580 Gen8 Server firmware - Prior to 2.00_02-22-2018(2 Mar 2018), HPE ProLiant DL560 Gen8 Server firmware - Prior to 2018.01.22(2 Mar 2018), HPE ProLiant DL380p Gen8 Server firmware - Prior to 2018.01.22(2 Mar 2018), HPE ProLiant DL385p Gen8 (AMD) - Prior to 2018.03.14(12 Apr 2018), HPE ProLiant ML350e Gen8 v2 Server firmware - Prior to 2018.01.22(2 Mar 2018), HPE ProLiant ML350e Gen8 Server firmware - Prior to 2018.01.22(2 Mar 2018), HPE ProLiant ML350p Gen8 Server firmware - Prior to 2018.01.22(2 Mar 2018),HPE ProLiant ML310e Gen8 v2 Server firmware - Prior to 2018.01.22(23 Feb 2018), HPE ProLiant ML310e Gen8 Server firmware - Prior to 2018.01.22(5 Mar 2018), HPE ProLiant MicroServer Gen8 - Prior to 2018.01.22(5 Mar 2018), HPE ProLiant m710 Server Cartridge firmware - Prior to 2018.01.22(24 Feb 2018), HPE ProLiant m710p Server Cartridge firmware - Prior to 2018.01.22(24 Feb 2018), HPE ProLiant m710x Server Cartridge firmware - Prior to 1.64_01-22-2018(27 Feb 2018), HPE ProLiant m510 Server Cartridge firmware - Prior to 1.64_01-22-2018(27 Feb 2018), HPE ProLiant m350 Server Cartridge firmware - Prior to 2018.01.22(27 Feb 2018), HPE ProLiant m300 Server Cartridge firmware - Prior to 2018.01.22(27 Feb 2018), HPE ProLiant BL2x220c G7 Server Blade firmware - Prior to 2018.05.21(2 Jul 2018), HPE ProLiant DL980 G7 Server firmware - Prior to 2018.05.21(11 Jul 2018), HPE ProLiant DL585 G7 Server firmware (AMD) - Prior to 2018.03.14(12 Apr 2018), HPE ProLiant DL580 G7 Server firmware - Prior to 2018.05.21(11 Jul 2018), HPE ProLiant DL385 G7 Server firmware - Prior to 2018.03.14(20 Apr 2018), HPE ProLiant DL380 G7 Server firmware - Prior to 2018.05.21(2 Jul 2018), HPE ProLiant DL120 G7 Server firmware - Prior to 2018.05.21(2 Jul 2018), HPE ProLiant DL360 G7 Server firmware - Prior to 2018.05.21(2 Jul 2018), HPE ProLiant BL685c G7 Server firmware Blade 
(AMD) - Prior to 2018.03.14(12 Apr 2018), HPE ProLiant BL680c G7 Server firmware Blade - Prior to 2018.05.21(11 Jul 2018), HPE ProLiant BL620c G7 Server firmware Blade - Prior to 2018.05.21(11 Jul 2018), HPE ProLiant BL490c G7 Server Blade firmware - Prior to 2018.05.21(2 Jul 2018), HPE ProLiant BL465c G7 Server Blade firmware - Prior to 2018.03.14(20 Apr 2018), HPE ProLiant BL460c G7 Server Blade firmware - Prior to 2018.05.21(2 Jul 2018), HPE ProLiant SL390s G7 Server firmware - Prior to 2018.05.21(2 Jul 2018), HPE ProLiant ML110 G7 Server firmware - Prior to 2018.05.21(2 Jul 2018), HPE ProLiant ML10 v2 Server firmware - Prior to 2018.01.22(23 Feb 2018), HPE ProLiant SL4545 G7 Server firmware (AMD) - Prior to 2018.03.14(A)(12 Apr 2018), HPE ProLiant Thin Micro TM200 Server firmware - Prior to 2.56_01-22-2018(27 Feb 2018), HPE ProLiant DL380 G6 Server firmware - Prior to 2018.05.21(2 Jul 2018), HPE ProLiant DL370 G6 Server firmware - Prior to 2018.05.21(2 Jul 2018), HPE ProLiant DL360 G6 Server firmware - Prior to 2018.05.21(2 Jul 2018), HPE ProLiant DL320 G6 Server firmware - Prior to 2018.05.21(2 Jul 2018), HPE ProLiant DL180 G6 Server No microcode patch provided, HPE ProLiant DL170h G6 Server No microcode patch provided, HPE ProLiant DL170e G6 Server No microcode patch provided, HPE ProLiant DL160 G6 Server No microcode patch provided, HPE ProLiant DL120 G6 Server No microcode patch provided, HPE ProLiant ML370 G6 Server firmware - Prior to 2018.05.21(2 Jul 2018), HPE ProLiant ML350 G6 Server firmware - Prior to 2018.05.21(2 Jul 2018), HPE ProLiant ML330 G6 Server firmware - Prior to 2018.05.21(2 Jul 2018), HPE ProLiant ML150 G6 Server firmware No microcode patch provided, HPE ProLiant ML110 G6 Server firmware No microcode patch provided, HPE ProLiant SL2x170z G6 Server firmware No microcode patch provided, HPE ProLiant BL490c G6 Server Blade firmware - Prior to 2018.05.21(2 Jul 2018), HPE ProLiant BL460c G6 Server Blade firmware - Prior to 2018.05.21(2 Jul 
2018), HPE ProLiant SL170z G6 Server firmware No microcode patch provided, HPE ProLiant SL160s G6 Server firmware No microcode patch provided, HPE ProLiant BL2x220c G6 Server Blade firmware - Prior to 2018.05.21(2 Jul 2018), HPE ProLiant BL280c G6 Server Blade firmware - Prior to 2018.05.21(2 Jul 2018)" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The HPE-provided Windows firmware installer for certain Gen9, Gen8, G7,and G6 HPE servers allows local disclosure of privileged information. This issue was resolved in previously provided firmware updates as follows. The HPE Windows firmware installer was updated in the system ROM updates which also addressed the original Spectre/Meltdown set of vulnerabilities. At that time, the Windows firmware installer was also updated in the versions of HPE Integrated Lights-Out 2, 3, and 4 (iLO 2, 3, and 4) listed in the security bulletin. The updated HPE Windows firmware installer was released in the system ROM and HPE Integrated Lights-Out (iLO) releases documented in earlier HPE Security Bulletins: HPESBHF03805, HPESBHF03835, HPESBHF03831. Windows-based systems that have already been updated to the system ROM or iLO versions described in these security bulletins require no further action." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "local disclosure of privileged information" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "ID": "CVE-2018-7112", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows firmware installer for Gen9, Gen8, G7,and G6 HPE servers", + "version": { + "version_data": [ + { + "version_value": "Only the Windows based firmware installers for the following products. HPE Integrated Lights-Out 2 (iLO 2) Firmware for ProLiant G6 Servers - Prior to v2.33, HPE Integrated Lights-Out 3 (iLO 3) Firmware for ProLiant G7 Servers - Prior to v1.90, HPE Integrated Lights-Out 4 (iLO 4) Firmware for ProLiant Gen8 Server firmwares - Prior to v2.60, HPE ProLiant XL750f Gen9 Server firmware - Prior to 2.56_01-22-2018(23 Feb 2018), HPE ProLiant XL740f Gen9 Server firmware - Prior to 2.56_01-22-2018(23 Feb 2018), HPE ProLiant XL730f Gen9 Server firmware - Prior to 2.56_01-22-2018(23 Feb 2018), HPE ProLiant XL450 Gen9 Server firmware - Prior to 2.56_01-22-2018(23 Feb 2018), HPE ProLiant XL270d Gen9 Special Server - Prior to 2.56_01-22-2018(23 Feb 2018), HPE ProLiant XL270d Gen9 Accelerator Tray 2U Configure-to-order Server - Prior to 2.56_01-22-2018(23 Feb 2018), HPE ProLiant XL260a Gen9 Server firmware - Prior to 1.60_01-22-2018(26 Feb 2018), HPE ProLiant XL250a Gen9 Server firmware - Prior to 2.56_01-22-2018(23 Feb 2018), HPE ProLiant XL230a Gen9 Server firmware - Prior to 2.56_01-22-2018(23 Feb 2018), HPE ProLiant XL190r Gen9 Server firmware - Prior to 2.56_01-22-2018(23 Feb 2018), HPE ProLiant XL170r Gen9 Server firmware - Prior to 2.56_01-22-2018(23 Feb 2018), HPE ProLiant DL560 Gen9 Server firmware - Prior to 2.56_01-22-2018(23 Feb 2018), HPE ProLiant DL380 Gen9 Server firmware - Prior to 2.56_01-22-2018(23 Feb 2018), HPE ProLiant DL360 Gen9 Server firmware - Prior to 
2.56_01-22-2018(23 Feb 2018), HPE ProLiant DL180 Gen9 Server firmware - Prior to 2.56_01-22-2018(23 Feb 2018), HPE ProLiant DL160 Gen9 Server firmware - Prior to 2.56_01-22-2018(23 Feb 2018), HPE ProLiant DL120 Gen9 Server firmware - Prior to 2.56_01-22-2018(23 Feb 2018). HPE ProLiant DL80 Gen9 Server firmware - Prior to 2.56_01-22-2018(23 Feb 2018), HPE ProLiant DL60 Gen9 Server firmware - Prior to 2.56_01-22-2018(23 Feb 2018), HPE ProLiant DL20 Gen9 Server firmware - Prior to 2.56_01-22-2018(27 Feb 2018), HPE ProLiant ML350 Gen9 Server firmware - Prior to 2.56_01-22-2018(23 Feb 2018), HPE ProLiant ML150 Gen9 Server firmware - Prior to 2.56_01-22-2018(23 Feb 2018), HPE ProLiant ML110 Gen9 Server firmware - Prior to 2.56_01-22-2018(23 Feb 2018), HPE ProLiant ML30 Gen9 Server firmware - Prior to 2.56_01-22-2018(27 Feb 2018), HPE ProLiant ML10 Gen9 Server firmware - Prior to 2018.01.22(22 Mar 2018), HPE ProLiant BL660c Gen9 Server firmware - Prior to 2.56_01-22-2018(23 Feb 2018), HPE ProLiant BL460c Gen9 Server firmware Blade - Prior to 2.56_01-22-2018(23 Feb 2018), HPE ProLiant WS460c Gen9 Workstation - Prior to 2.56_01-22-2018(23 Feb 2018), HPE ProLiant DL380e Gen8 Server firmware - Prior to 2018.01.22(2 Mar 2018), HPE ProLiant DL360p Gen8 Server firmware - Prior to 2018.01.22(2 Mar 2018), HPE ProLiant DL360e Gen8 Server firmware - Prior to 2018.01.22(2 Mar 2018), HPE ProLiant DL320e Gen8 Server firmware - Prior to 2018.01.22(5 Mar 2018), HPE ProLiant DL320e Gen8 v2 Server firmware - Prior to 2018.01.22(23 Feb 2018), HPE ProLiant DL160 Gen8 Server firmware - Prior to 2018.01.22(2 Mar 2018), HPE ProLiant SL250s Gen8 Server firmware - Prior to 2018.01.22(2 Mar 2018), HPE ProLiant SL210t Gen8 Server firmware - Prior to 2018.01.22(2 Mar 2018), HPE ProLiant BL660c Gen8 Server firmware Blade - Prior to 2018.01.22(2 Mar 2018), HPE ProLiant BL465c Gen8 (AMD) - Prior to 2018.03.14(12 Apr 2018), HPE ProLiant BL460c Gen8 Server firmware Blade - Prior to 2018.01.22(2 Mar 
2018), HPE ProLiant BL420c Gen8 Server firmware - Prior to 2018.01.22(2 Mar 2018), HPE ProLiant SL4540 Gen8 1 Node Server firmware - Prior to 2018.01.22(2 Mar 2018), HPE ProLiant SL270s Gen8 Server firmware - Prior to 2018.01.22(2 Mar 2018), HPE ProLiant DL580 Gen8 Server firmware - Prior to 2.00_02-22-2018(2 Mar 2018), HPE ProLiant DL560 Gen8 Server firmware - Prior to 2018.01.22(2 Mar 2018), HPE ProLiant DL380p Gen8 Server firmware - Prior to 2018.01.22(2 Mar 2018), HPE ProLiant DL385p Gen8 (AMD) - Prior to 2018.03.14(12 Apr 2018), HPE ProLiant ML350e Gen8 v2 Server firmware - Prior to 2018.01.22(2 Mar 2018), HPE ProLiant ML350e Gen8 Server firmware - Prior to 2018.01.22(2 Mar 2018), HPE ProLiant ML350p Gen8 Server firmware - Prior to 2018.01.22(2 Mar 2018),HPE ProLiant ML310e Gen8 v2 Server firmware - Prior to 2018.01.22(23 Feb 2018), HPE ProLiant ML310e Gen8 Server firmware - Prior to 2018.01.22(5 Mar 2018), HPE ProLiant MicroServer Gen8 - Prior to 2018.01.22(5 Mar 2018), HPE ProLiant m710 Server Cartridge firmware - Prior to 2018.01.22(24 Feb 2018), HPE ProLiant m710p Server Cartridge firmware - Prior to 2018.01.22(24 Feb 2018), HPE ProLiant m710x Server Cartridge firmware - Prior to 1.64_01-22-2018(27 Feb 2018), HPE ProLiant m510 Server Cartridge firmware - Prior to 1.64_01-22-2018(27 Feb 2018), HPE ProLiant m350 Server Cartridge firmware - Prior to 2018.01.22(27 Feb 2018), HPE ProLiant m300 Server Cartridge firmware - Prior to 2018.01.22(27 Feb 2018), HPE ProLiant BL2x220c G7 Server Blade firmware - Prior to 2018.05.21(2 Jul 2018), HPE ProLiant DL980 G7 Server firmware - Prior to 2018.05.21(11 Jul 2018), HPE ProLiant DL585 G7 Server firmware (AMD) - Prior to 2018.03.14(12 Apr 2018), HPE ProLiant DL580 G7 Server firmware - Prior to 2018.05.21(11 Jul 2018), HPE ProLiant DL385 G7 Server firmware - Prior to 2018.03.14(20 Apr 2018), HPE ProLiant DL380 G7 Server firmware - Prior to 2018.05.21(2 Jul 2018), HPE ProLiant DL120 G7 Server firmware - Prior to 
2018.05.21(2 Jul 2018), HPE ProLiant DL360 G7 Server firmware - Prior to 2018.05.21(2 Jul 2018), HPE ProLiant BL685c G7 Server firmware Blade (AMD) - Prior to 2018.03.14(12 Apr 2018), HPE ProLiant BL680c G7 Server firmware Blade - Prior to 2018.05.21(11 Jul 2018), HPE ProLiant BL620c G7 Server firmware Blade - Prior to 2018.05.21(11 Jul 2018), HPE ProLiant BL490c G7 Server Blade firmware - Prior to 2018.05.21(2 Jul 2018), HPE ProLiant BL465c G7 Server Blade firmware - Prior to 2018.03.14(20 Apr 2018), HPE ProLiant BL460c G7 Server Blade firmware - Prior to 2018.05.21(2 Jul 2018), HPE ProLiant SL390s G7 Server firmware - Prior to 2018.05.21(2 Jul 2018), HPE ProLiant ML110 G7 Server firmware - Prior to 2018.05.21(2 Jul 2018), HPE ProLiant ML10 v2 Server firmware - Prior to 2018.01.22(23 Feb 2018), HPE ProLiant SL4545 G7 Server firmware (AMD) - Prior to 2018.03.14(A)(12 Apr 2018), HPE ProLiant Thin Micro TM200 Server firmware - Prior to 2.56_01-22-2018(27 Feb 2018), HPE ProLiant DL380 G6 Server firmware - Prior to 2018.05.21(2 Jul 2018), HPE ProLiant DL370 G6 Server firmware - Prior to 2018.05.21(2 Jul 2018), HPE ProLiant DL360 G6 Server firmware - Prior to 2018.05.21(2 Jul 2018), HPE ProLiant DL320 G6 Server firmware - Prior to 2018.05.21(2 Jul 2018), HPE ProLiant DL180 G6 Server No microcode patch provided, HPE ProLiant DL170h G6 Server No microcode patch provided, HPE ProLiant DL170e G6 Server No microcode patch provided, HPE ProLiant DL160 G6 Server No microcode patch provided, HPE ProLiant DL120 G6 Server No microcode patch provided, HPE ProLiant ML370 G6 Server firmware - Prior to 2018.05.21(2 Jul 2018), HPE ProLiant ML350 G6 Server firmware - Prior to 2018.05.21(2 Jul 2018), HPE ProLiant ML330 G6 Server firmware - Prior to 2018.05.21(2 Jul 2018), HPE ProLiant ML150 G6 Server firmware No microcode patch provided, HPE ProLiant ML110 G6 Server firmware No microcode patch provided, HPE ProLiant SL2x170z G6 Server firmware No microcode patch provided, HPE ProLiant 
BL490c G6 Server Blade firmware - Prior to 2018.05.21(2 Jul 2018), HPE ProLiant BL460c G6 Server Blade firmware - Prior to 2018.05.21(2 Jul 2018), HPE ProLiant SL170z G6 Server firmware No microcode patch provided, HPE ProLiant SL160s G6 Server firmware No microcode patch provided, HPE ProLiant BL2x220c G6 Server Blade firmware - Prior to 2018.05.21(2 Jul 2018), HPE ProLiant BL280c G6 Server Blade firmware - Prior to 2018.05.21(2 Jul 2018)" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03805en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03805en_us" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03831en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03831en_us" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03835en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03835en_us" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03869en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03869en_us" - }, - { - "name" : "1041984", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041984" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The HPE-provided Windows firmware installer for certain Gen9, Gen8, G7,and G6 HPE servers allows local disclosure of privileged 
information. This issue was resolved in previously provided firmware updates as follows. The HPE Windows firmware installer was updated in the system ROM updates which also addressed the original Spectre/Meltdown set of vulnerabilities. At that time, the Windows firmware installer was also updated in the versions of HPE Integrated Lights-Out 2, 3, and 4 (iLO 2, 3, and 4) listed in the security bulletin. The updated HPE Windows firmware installer was released in the system ROM and HPE Integrated Lights-Out (iLO) releases documented in earlier HPE Security Bulletins: HPESBHF03805, HPESBHF03835, HPESBHF03831. Windows-based systems that have already been updated to the system ROM or iLO versions described in these security bulletins require no further action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "local disclosure of privileged information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041984", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041984" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03831en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03831en_us" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03805en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03805en_us" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03835en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03835en_us" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03869en_us", + "refsource": "CONFIRM", + "url": 
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03869en_us" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7331.json b/2018/7xxx/CVE-2018-7331.json index 8ace30f7a90..f1e4317d0e5 100644 --- a/2018/7xxx/CVE-2018-7331.json +++ b/2018/7xxx/CVE-2018-7331.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7331", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-ber.c had an infinite loop that was addressed by validating a length." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7331", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20190115 [SECURITY] [DLA 1634-1] wireshark security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14444", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14444" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=157712b2f5f89b19ef2497ea89c5938eb29529da", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=157712b2f5f89b19ef2497ea89c5938eb29529da" - }, - { - "name" : "https://www.wireshark.org/security/wnpa-sec-2018-06.html", - "refsource" : "CONFIRM", - "url" : 
"https://www.wireshark.org/security/wnpa-sec-2018-06.html" - }, - { - "name" : "103158", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103158" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-ber.c had an infinite loop that was addressed by validating a length." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=157712b2f5f89b19ef2497ea89c5938eb29529da", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=157712b2f5f89b19ef2497ea89c5938eb29529da" + }, + { + "name": "https://www.wireshark.org/security/wnpa-sec-2018-06.html", + "refsource": "CONFIRM", + "url": "https://www.wireshark.org/security/wnpa-sec-2018-06.html" + }, + { + "name": "103158", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103158" + }, + { + "name": "[debian-lts-announce] 20190115 [SECURITY] [DLA 1634-1] wireshark security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14444", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14444" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7339.json b/2018/7xxx/CVE-2018-7339.json index 4e2141e82dc..aed5c3dcc23 100644 --- a/2018/7xxx/CVE-2018-7339.json +++ b/2018/7xxx/CVE-2018-7339.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7339", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The MP4Atom class in mp4atom.cpp in MP4v2 through 2.0.0 mishandles Entry Number validation for the MP4 Table Property, which allows remote attackers to cause a denial of service (overflow, insufficient memory allocation, and segmentation fault) or possibly have unspecified other impact via a crafted mp4 file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7339", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/pingsuewim/libmp4_bof", - "refsource" : "MISC", - "url" : "https://github.com/pingsuewim/libmp4_bof" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The MP4Atom class in mp4atom.cpp in MP4v2 through 2.0.0 mishandles Entry Number validation for the MP4 Table Property, which allows remote attackers to cause a denial of service (overflow, insufficient memory allocation, and segmentation fault) or possibly have unspecified other impact via a crafted mp4 file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/pingsuewim/libmp4_bof", + "refsource": "MISC", + "url": "https://github.com/pingsuewim/libmp4_bof" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7858.json b/2018/7xxx/CVE-2018-7858.json index 08db289a06e..42a41e8812b 100644 --- a/2018/7xxx/CVE-2018-7858.json +++ b/2018/7xxx/CVE-2018-7858.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7858", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7858", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20180309 CVE-2018-7858 Qemu: cirrus: OOB access when updating vga display", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2018/03/09/1" - }, - { - "name" : "[qemu-devel] 20180308 [PATCH] vga: fix region calculation", - "refsource" : "MLIST", - "url" : "https://lists.nongnu.org/archive/html/qemu-devel/2018-03/msg02174.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1553402", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1553402" - }, - { - "name" : "RHSA-2018:1369", - "refsource" : "REDHAT", - "url" : 
"https://access.redhat.com/errata/RHSA-2018:1369" - }, - { - "name" : "RHSA-2018:1416", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1416" - }, - { - "name" : "RHSA-2018:2162", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2162" - }, - { - "name" : "USN-3649-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3649-1/" - }, - { - "name" : "103350", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103350" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2018:2162", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2162" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1553402", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553402" + }, + { + "name": "RHSA-2018:1369", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1369" + }, + { + "name": "USN-3649-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3649-1/" + }, + { + "name": "RHSA-2018:1416", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1416" + }, + { + "name": "103350", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103350" + }, + { + "name": "[oss-security] 20180309 CVE-2018-7858 Qemu: cirrus: OOB access when updating vga display", + "refsource": "MLIST", + "url": 
"http://www.openwall.com/lists/oss-security/2018/03/09/1" + }, + { + "name": "[qemu-devel] 20180308 [PATCH] vga: fix region calculation", + "refsource": "MLIST", + "url": "https://lists.nongnu.org/archive/html/qemu-devel/2018-03/msg02174.html" + } + ] + } +} \ No newline at end of file