From 0ba68b87bfc56b6bc55af23b5255b072958c2532 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 00:04:41 +0000 Subject: [PATCH] "-Synchronized-Data." --- 1999/0xxx/CVE-1999-0999.json | 140 +++---- 1999/1xxx/CVE-1999-1133.json | 130 +++---- 1999/1xxx/CVE-1999-1185.json | 130 +++---- 1999/1xxx/CVE-1999-1224.json | 130 +++---- 1999/1xxx/CVE-1999-1441.json | 130 +++---- 2000/0xxx/CVE-2000-0030.json | 120 +++--- 2000/0xxx/CVE-2000-0257.json | 130 +++---- 2000/0xxx/CVE-2000-0485.json | 150 ++++---- 2000/0xxx/CVE-2000-0816.json | 160 ++++---- 2000/1xxx/CVE-2000-1061.json | 130 +++---- 2005/2xxx/CVE-2005-2016.json | 34 +- 2005/2xxx/CVE-2005-2491.json | 690 +++++++++++++++++------------------ 2005/2xxx/CVE-2005-2699.json | 120 +++--- 2005/2xxx/CVE-2005-2793.json | 160 ++++---- 2005/3xxx/CVE-2005-3570.json | 200 +++++----- 2005/3xxx/CVE-2005-3672.json | 190 +++++----- 2005/3xxx/CVE-2005-3843.json | 170 ++++----- 2005/4xxx/CVE-2005-4075.json | 170 ++++----- 2005/4xxx/CVE-2005-4896.json | 34 +- 2009/2xxx/CVE-2009-2099.json | 150 ++++---- 2009/2xxx/CVE-2009-2368.json | 140 +++---- 2009/2xxx/CVE-2009-2458.json | 140 +++---- 2009/2xxx/CVE-2009-2800.json | 170 ++++----- 2009/2xxx/CVE-2009-2865.json | 180 ++++----- 2009/2xxx/CVE-2009-2899.json | 140 +++---- 2009/3xxx/CVE-2009-3622.json | 240 ++++++------ 2009/3xxx/CVE-2009-3888.json | 160 ++++---- 2009/4xxx/CVE-2009-4278.json | 34 +- 2015/0xxx/CVE-2015-0001.json | 170 ++++----- 2015/0xxx/CVE-2015-0316.json | 250 ++++++------- 2015/0xxx/CVE-2015-0317.json | 250 ++++++------- 2015/0xxx/CVE-2015-0812.json | 180 ++++----- 2015/1xxx/CVE-2015-1041.json | 190 +++++----- 2015/1xxx/CVE-2015-1172.json | 140 +++---- 2015/1xxx/CVE-2015-1636.json | 130 +++---- 2015/4xxx/CVE-2015-4101.json | 34 +- 2015/4xxx/CVE-2015-4216.json | 150 ++++---- 2015/4xxx/CVE-2015-4339.json | 34 +- 2015/4xxx/CVE-2015-4403.json | 34 +- 2015/4xxx/CVE-2015-4917.json | 130 +++---- 2015/5xxx/CVE-2015-5227.json | 130 +++---- 2015/9xxx/CVE-2015-9097.json | 180 ++++----- 2015/9xxx/CVE-2015-9158.json | 132 +++---- 2018/2xxx/CVE-2018-2180.json | 34 +- 2018/2xxx/CVE-2018-2218.json | 34 +- 2018/2xxx/CVE-2018-2345.json | 34 +- 2018/2xxx/CVE-2018-2361.json | 142 +++---- 2018/2xxx/CVE-2018-2504.json | 196 +++++----- 2018/2xxx/CVE-2018-2583.json | 190 +++++----- 2018/3xxx/CVE-2018-3158.json | 132 +++---- 2018/3xxx/CVE-2018-3204.json | 132 +++---- 2018/3xxx/CVE-2018-3534.json | 34 +- 2018/3xxx/CVE-2018-3757.json | 132 +++---- 2018/3xxx/CVE-2018-3881.json | 122 +++---- 2018/6xxx/CVE-2018-6448.json | 34 +- 2018/7xxx/CVE-2018-7130.json | 34 +- 2018/7xxx/CVE-2018-7709.json | 34 +- 2018/7xxx/CVE-2018-7942.json | 234 ++++++------ 58 files changed, 4062 insertions(+), 4062 deletions(-) diff --git a/1999/0xxx/CVE-1999-0999.json b/1999/0xxx/CVE-1999-0999.json index 694c374c3a4..fea08559cd3 100644 --- a/1999/0xxx/CVE-1999-0999.json +++ b/1999/0xxx/CVE-1999-0999.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0999", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft SQL 7.0 server allows a remote attacker to cause a denial of service via a malformed TDS packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0999", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS99-059", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-059" - }, - { - "name" : "Q248749", - "refsource" : "MSKB", - "url" : "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q248749" - }, - { - "name" : "817", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/817" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft SQL 7.0 server allows a remote attacker to cause a denial of service via a malformed TDS packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS99-059", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-059" + }, + { + "name": "817", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/817" + }, + { + "name": "Q248749", + "refsource": "MSKB", + "url": "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q248749" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1133.json b/1999/1xxx/CVE-1999-1133.json index 7e65de1f304..4bb6f7b16dd 100644 --- a/1999/1xxx/CVE-1999-1133.json +++ b/1999/1xxx/CVE-1999-1133.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1133", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HP-UX 9.x and 10.x running X windows may allow local attackers to gain privileges via (1) vuefile, (2) vuepad, (3) dtfile, or (4) dtpad, which do not authenticate users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1133", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBUX9709-069", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=87602880019776&w=2" - }, - { - "name" : "hp-vue-dt(499)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/499" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HP-UX 9.x and 10.x running X windows may allow local attackers to gain privileges via (1) vuefile, (2) vuepad, (3) dtfile, or (4) dtpad, which do not authenticate users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "hp-vue-dt(499)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/499" + }, + { + "name": "HPSBUX9709-069", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=87602880019776&w=2" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1185.json b/1999/1xxx/CVE-1999-1185.json index 8948eda6ccf..c3f7e202104 100644 --- a/1999/1xxx/CVE-1999-1185.json +++ b/1999/1xxx/CVE-1999-1185.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1185", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in SCO mscreen allows local users to gain root privileges via a long terminal entry (TERM) in the .mscreenrc file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1185", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19980926 Root exploit for SCO OpenServer.", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=90686250717719&w=2" - }, - { - "name" : "sco-openserver-mscreen-bo(1379)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/1379" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in SCO mscreen allows local users to gain root privileges via a long terminal entry (TERM) in the .mscreenrc file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sco-openserver-mscreen-bo(1379)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1379" + }, + { + "name": "19980926 Root exploit for SCO OpenServer.", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=90686250717719&w=2" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1224.json b/1999/1xxx/CVE-1999-1224.json index 5403c46f141..38270df8d2c 100644 --- a/1999/1xxx/CVE-1999-1224.json +++ b/1999/1xxx/CVE-1999-1224.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1224", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IMAP 4.1 BETA, and possibly other versions, does not properly handle the SIGABRT (abort) signal, which allows local users to crash the server (imapd) via certain sequences of commands, which causes a core dump that may contain sensitive password information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1224", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19971008 L0pht Advisory: IMAP4rev1 imapd server", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=87635124302928&w=2" - }, - { - "name" : "imapd-core(349)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/349" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IMAP 4.1 BETA, and possibly other versions, does not properly handle the SIGABRT (abort) signal, which allows local users to crash the server (imapd) via certain sequences of commands, which causes a core dump that may contain sensitive password information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "imapd-core(349)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/349" + }, + { + "name": "19971008 L0pht Advisory: IMAP4rev1 imapd server", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=87635124302928&w=2" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1441.json b/1999/1xxx/CVE-1999-1441.json index 7af6f977306..c3c3c369f5c 100644 --- a/1999/1xxx/CVE-1999-1441.json +++ b/1999/1xxx/CVE-1999-1441.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1441", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Linux 2.0.34 does not properly prevent users from sending SIGIO signals to arbitrary processes, which allows local users to cause a denial of service by sending SIGIO to processes that do not catch it." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1441", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19980630 Serious Linux 2.0.34 security problem", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=90221103126047&w=2" - }, - { - "name" : "111", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/111" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Linux 2.0.34 does not properly prevent users from sending SIGIO signals to arbitrary processes, which allows local users to cause a denial of service by sending SIGIO to processes that do not catch it." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19980630 Serious Linux 2.0.34 security problem", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=90221103126047&w=2" + }, + { + "name": "111", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/111" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0030.json b/2000/0xxx/CVE-2000-0030.json index 242fc000d70..c506fc42269 100644 --- a/2000/0xxx/CVE-2000-0030.json +++ b/2000/0xxx/CVE-2000-0030.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0030", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Solaris dmispd dmi_cmd allows local users to fill up restricted disk space by adding files to the /var/dmi/db database." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0030", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "878", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/878" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Solaris dmispd dmi_cmd allows local users to fill up restricted disk space by adding files to the /var/dmi/db database." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "878", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/878" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0257.json b/2000/0xxx/CVE-2000-0257.json index 4dfaabad902..7ca738b2c09 100644 --- a/2000/0xxx/CVE-2000-0257.json +++ b/2000/0xxx/CVE-2000-0257.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0257", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the NetWare remote web administration utility allows remote attackers to cause a denial of service or execute commands via a long URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0257", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000418 Novell Netware 5.1 (server 5.00h, Dec 11, 1999)...", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0004171825340.10088-100000@nimue.tpi.pl" - }, - { - "name" : "1118", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1118" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the NetWare remote web administration utility allows remote attackers to cause a denial of service or execute commands via a long URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1118", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1118" + }, + { + "name": "20000418 Novell Netware 5.1 (server 5.00h, Dec 11, 1999)...", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0004171825340.10088-100000@nimue.tpi.pl" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0485.json b/2000/0xxx/CVE-2000-0485.json index 55228efd46e..5d7da8113b0 100644 --- a/2000/0xxx/CVE-2000-0485.json +++ b/2000/0xxx/CVE-2000-0485.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0485", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft SQL Server allows local users to obtain database passwords via the Data Transformation Service (DTS) package Properties dialog, aka the \"DTS Password\" vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0485", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000530 Fw: Steal Passwords Using SQL Server EM", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/62771" - }, - { - "name" : "MS00-041", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-041" - }, - { - "name" : "1292", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1292" - }, - { - "name" : "mssql-dts-reveal-passwords(4582)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/4582" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft SQL Server allows local users to obtain database passwords via the Data Transformation Service (DTS) package Properties dialog, aka the \"DTS Password\" vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mssql-dts-reveal-passwords(4582)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4582" + }, + { + "name": "1292", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1292" + }, + { + "name": "MS00-041", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-041" + }, + { + "name": "20000530 Fw: Steal Passwords Using SQL Server EM", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/62771" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0816.json b/2000/0xxx/CVE-2000-0816.json index 3c481e36512..d2249f9e858 100644 --- a/2000/0xxx/CVE-2000-0816.json +++ b/2000/0xxx/CVE-2000-0816.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0816", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Linux tmpwatch --fuser option allows local users to execute arbitrary commands by creating files whose names contain shell metacharacters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0816", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001006 Insecure call of external programs in Red Hat Linux tmpwatch", - "refsource" : "ISS", - "url" : "http://xforce.iss.net/alerts/advise64.php" - }, - { - "name" : "RHSA-2000:080", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2000-080.html" - }, - { - "name" : "MDKSA-2000:056", - "refsource" : "MANDRAKE", - "url" : "http://www.linux-mandrake.com/en/security/MDKSA-2000-056.php3?dis=7.1" - }, - { - "name" : "1785", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1785" - }, - { - "name" : "linux-tmpwatch-fuser(5320)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5320" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Linux tmpwatch --fuser option allows local users to execute arbitrary commands by creating files whose names contain shell metacharacters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDKSA-2000:056", + "refsource": "MANDRAKE", + "url": "http://www.linux-mandrake.com/en/security/MDKSA-2000-056.php3?dis=7.1" + }, + { + "name": "RHSA-2000:080", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2000-080.html" + }, + { + "name": "linux-tmpwatch-fuser(5320)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5320" + }, + { + "name": "20001006 Insecure call of external programs in Red Hat Linux tmpwatch", + "refsource": "ISS", + "url": "http://xforce.iss.net/alerts/advise64.php" + }, + { + "name": "1785", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1785" + } + ] + } +} \ No newline at end of file diff --git a/2000/1xxx/CVE-2000-1061.json b/2000/1xxx/CVE-2000-1061.json index 546a73e1cf5..48d82b817cd 100644 --- a/2000/1xxx/CVE-2000-1061.json +++ b/2000/1xxx/CVE-2000-1061.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-1061", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Virtual Machine (VM) in Internet Explorer 4.x and 5.x allows an unsigned applet to create and use ActiveX controls, which allows a remote attacker to bypass Internet Explorer's security settings and execute arbitrary commands via a malicious web page or email, aka the \"Microsoft VM ActiveX Component\" vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-1061", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS00-075", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-075" - }, - { - "name" : "java-vm-applet(5127)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5127" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Virtual Machine (VM) in Internet Explorer 4.x and 5.x allows an unsigned applet to create and use ActiveX controls, which allows a remote attacker to bypass Internet Explorer's security settings and execute arbitrary commands via a malicious web page or email, aka the \"Microsoft VM ActiveX Component\" vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "java-vm-applet(5127)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5127" + }, + { + "name": "MS00-075", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-075" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2016.json b/2005/2xxx/CVE-2005-2016.json index 0f76a9c98ec..fcf37b059da 100644 --- a/2005/2xxx/CVE-2005-2016.json +++ b/2005/2xxx/CVE-2005-2016.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2016", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2016", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2491.json b/2005/2xxx/CVE-2005-2491.json index 7446cb59a50..8da35104a28 100644 --- a/2005/2xxx/CVE-2005-2491.json +++ b/2005/2xxx/CVE-2005-2491.json @@ -1,347 +1,347 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2491", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-2491", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2005-216.pdf", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2005-216.pdf" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2005-223.pdf", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2005-223.pdf" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-159.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-159.htm" - }, - { - "name" : "APPLE-SA-2005-11-29", - "refsource" : "APPLE", - "url" : "http://docs.info.apple.com/article.html?artnum=302847" - }, - { - "name" : "DSA-800", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-800" - }, - { - "name" : "DSA-817", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-817" - }, - { - "name" : "DSA-819", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-819" - }, - { - "name" : "DSA-821", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-821" - }, - { - "name" : "FLSA:168516", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/427046/100/0/threaded" - }, - { - "name" : "GLSA-200509-02", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200509-02.xml" - }, - { - "name" : "GLSA-200508-17", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200508-17.xml" - }, - { - "name" : "GLSA-200509-08", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200509-08.xml" - }, - { - "name" : "GLSA-200509-12", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200509-12.xml" - }, - { - "name" : "GLSA-200509-19", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200509-19.xml" - }, - { - "name" : "HPSBUX02074", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/428138/100/0/threaded" - }, - { - "name" : "SSRT051251", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/428138/100/0/threaded" - }, - { - "name" : "HPSBMA02159", - "refsource" : "HP", - "url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522" - }, - { - "name" : "SSRT061238", - "refsource" : "HP", - "url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522" - }, - { - "name" : "HPSBOV02683", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130497311408250&w=2" - }, - { - "name" : "SSRT090208", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130497311408250&w=2" - }, - { - "name" : "RHSA-2005:761", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-761.html" - }, - { - "name" : "RHSA-2006:0197", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0197.html" - }, - { - "name" : "OpenPKG-SA-2005.018", - "refsource" : "OPENPKG", - "url" : "http://marc.info/?l=bugtraq&m=112606064317223&w=2" - }, - { - "name" : "RHSA-2005:358", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-358.html" - }, - { - "name" : "SCOSA-2006.10", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt" - }, - { - "name" : "20060401-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U" - }, - { - "name" : "102198", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1" - }, - { - "name" : "SUSE-SA:2005:051", - "refsource" : "SUSE", - "url" : "http://marc.info/?l=bugtraq&m=112605112027335&w=2" - }, - { - "name" : "SUSE-SA:2005:048", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_48_pcre.html" - }, - { - "name" : "SUSE-SA:2005:049", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_49_php.html" - }, - { - "name" : "SUSE-SA:2005:052", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_52_apache2.html" - }, - { - "name" : "TSLSA-2005-0059", - "refsource" : "TRUSTIX", - "url" : "http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html" - }, - { - "name" : "http://www.ethereal.com/appnotes/enpa-sa-00021.html", - "refsource" : "CONFIRM", - "url" : "http://www.ethereal.com/appnotes/enpa-sa-00021.html" - }, - { - "name" : "http://www.php.net/release_4_4_1.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/release_4_4_1.php" - }, - { - "name" : "14620", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14620" - }, - { - "name" : "15647", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15647" - }, - { - "name" : "oval:org.mitre.oval:def:11516", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11516" - }, - { - "name" : "ADV-2005-1511", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/1511" - }, - { - "name" : "ADV-2005-2659", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2659" - }, - { - "name" : "ADV-2006-0789", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0789" - }, - { - "name" : "ADV-2006-4320", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4320" - }, - { - "name" : "ADV-2006-4502", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4502" - }, - { - "name" : "oval:org.mitre.oval:def:735", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A735" - }, - { - "name" : "oval:org.mitre.oval:def:1496", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1496" - }, - { - "name" : "oval:org.mitre.oval:def:1659", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1659" - }, - { - "name" : "1014744", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014744" - }, - { - "name" : "17813", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17813" - }, - { - "name" : "16502", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16502" - }, - { - "name" : "16679", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16679" - }, - { - "name" : "19072", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19072" - }, - { - "name" : "19193", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19193" - }, - { - "name" : "17252", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17252" - }, - { - "name" : "19532", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19532" - }, - { - "name" : "21522", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21522" - }, - { - "name" : "22691", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22691" - }, - { - "name" : "22875", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22875" - }, - { - "name" : "604", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/604" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "OpenPKG-SA-2005.018", + "refsource": "OPENPKG", + "url": "http://marc.info/?l=bugtraq&m=112606064317223&w=2" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2005-216.pdf", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-216.pdf" + }, + { + "name": "22691", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22691" + }, + { + "name": "17813", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17813" + }, + { + "name": "ADV-2006-4502", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4502" + }, + { + "name": "GLSA-200509-08", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200509-08.xml" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm" + }, + { + "name": "20060401-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U" + }, + { + "name": "14620", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14620" + }, + { + "name": "ADV-2005-2659", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2659" + }, + { + "name": "FLSA:168516", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/427046/100/0/threaded" + }, + { + "name": "GLSA-200509-02", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200509-02.xml" + }, + { + "name": "TSLSA-2005-0059", + "refsource": "TRUSTIX", + "url": "http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html" + }, + { + "name": "22875", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22875" + }, + { + "name": "SSRT061238", + "refsource": "HP", + "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522" + }, + { + "name": "SSRT090208", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130497311408250&w=2" + }, + { + "name": "HPSBMA02159", + "refsource": "HP", + "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522" + }, + { + "name": "oval:org.mitre.oval:def:1659", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1659" + }, + { + "name": "http://www.ethereal.com/appnotes/enpa-sa-00021.html", + "refsource": "CONFIRM", + "url": "http://www.ethereal.com/appnotes/enpa-sa-00021.html" + }, + { + "name": "SUSE-SA:2005:051", + "refsource": "SUSE", + "url": "http://marc.info/?l=bugtraq&m=112605112027335&w=2" + }, + { + "name": "16502", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16502" + }, + { + "name": "SSRT051251", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/428138/100/0/threaded" + }, + { + "name": "21522", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21522" + }, + { + "name": "16679", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16679" + }, + { + "name": "DSA-817", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-817" + }, + { + "name": "GLSA-200508-17", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200508-17.xml" + }, + { + "name": "ADV-2005-1511", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/1511" + }, + { + "name": "604", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/604" + }, + { + "name": "1014744", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014744" + }, + { + "name": "HPSBUX02074", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/428138/100/0/threaded" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2005-223.pdf", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-223.pdf" + }, + { + "name": "APPLE-SA-2005-11-29", + "refsource": "APPLE", + "url": "http://docs.info.apple.com/article.html?artnum=302847" + }, + { + "name": "RHSA-2005:761", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-761.html" + }, + { + "name": "SUSE-SA:2005:049", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_49_php.html" + }, + { + "name": "DSA-819", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-819" + }, + { + "name": "ADV-2006-4320", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4320" + }, + { + "name": "RHSA-2005:358", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-358.html" + }, + { + "name": "oval:org.mitre.oval:def:1496", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1496" + }, + { + "name": "DSA-821", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-821" + }, + { + "name": "HPSBOV02683", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130497311408250&w=2" + }, + { + "name": "19072", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19072" + }, + { + "name": "19532", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19532" + }, + { + "name": "http://www.php.net/release_4_4_1.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/release_4_4_1.php" + }, + { + "name": "GLSA-200509-19", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200509-19.xml" + }, + { + "name": "oval:org.mitre.oval:def:11516", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11516" + }, + { + "name": "17252", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17252" + }, + { + "name": "GLSA-200509-12", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200509-12.xml" + }, + { + "name": "SUSE-SA:2005:052", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_52_apache2.html" + }, + { + "name": "oval:org.mitre.oval:def:735", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A735" + }, + { + "name": "15647", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15647" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-159.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-159.htm" + }, + { + "name": "DSA-800", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-800" + }, + { + "name": "19193", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19193" + }, + { + "name": "SCOSA-2006.10", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt" + }, + { + "name": "102198", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1" + }, + { + "name": "SUSE-SA:2005:048", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_48_pcre.html" + }, + { + "name": "RHSA-2006:0197", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0197.html" + }, + { + "name": "ADV-2006-0789", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0789" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2699.json b/2005/2xxx/CVE-2005-2699.json index ccea3255898..d1cceb57cb0 100644 --- a/2005/2xxx/CVE-2005-2699.json +++ b/2005/2xxx/CVE-2005-2699.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2699", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in admin/admin.php in PHPKit 1.6.1 allows remote authenticated administrators to execute arbitrary PHP code by uploading a .php file to the content/images/ directory using images.php. NOTE: if a PHPKit administrator must already have access to the end system to install or modify configuration of the product, then this issue might not cross privilege boundaries, and should not be included in CVE." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2699", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050822 SQL Injection and PHP Code Injection Vulnerabilities in PHPKit 1.6.1", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112474427221031&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in admin/admin.php in PHPKit 1.6.1 allows remote authenticated administrators to execute arbitrary PHP code by uploading a .php file to the content/images/ directory using images.php. NOTE: if a PHPKit administrator must already have access to the end system to install or modify configuration of the product, then this issue might not cross privilege boundaries, and should not be included in CVE." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050822 SQL Injection and PHP Code Injection Vulnerabilities in PHPKit 1.6.1", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112474427221031&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2793.json b/2005/2xxx/CVE-2005-2793.json index d027d56b03d..69265c3f218 100644 --- a/2005/2xxx/CVE-2005-2793.json +++ b/2005/2xxx/CVE-2005-2793.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2793", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to execute arbitrary PHP code via the custom_welcome_page parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2793", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050829 phpLDAPadmin 0.9.6 - 0.9.7/alpha5 (possibly prior versions)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112542447219235&w=2" - }, - { - "name" : "http://www.rgod.altervista.org/phpldap.html", - "refsource" : "MISC", - "url" : "http://www.rgod.altervista.org/phpldap.html" - }, - { - "name" : "14695", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14695" - }, - { - "name" : "16617", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16617/" - }, - { - "name" : "phpldapadmin-welcome-file-include(22103)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22103" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to execute arbitrary PHP code via the custom_welcome_page parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16617", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16617/" + }, + { + "name": "phpldapadmin-welcome-file-include(22103)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22103" + }, + { + "name": "20050829 phpLDAPadmin 0.9.6 - 0.9.7/alpha5 (possibly prior versions)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112542447219235&w=2" + }, + { + "name": "14695", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14695" + }, + { + "name": "http://www.rgod.altervista.org/phpldap.html", + "refsource": "MISC", + "url": "http://www.rgod.altervista.org/phpldap.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3570.json b/2005/3xxx/CVE-2005-3570.json index 3d57ead3393..a2253b0276e 100644 --- a/2005/3xxx/CVE-2005-3570.json +++ b/2005/3xxx/CVE-2005-3570.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3570", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified cross-site scripting (XSS) vulnerability in Horde before 2.2.9 allows remote attackers to inject arbitrary web script or HTML via \"not properly escaped error messages\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3570", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Horde-announce] 20051113 Horde 2.2.9 (final)", - "refsource" : "MLIST", - "url" : "http://lists.horde.org/archives/announce/2005/000231.html" - }, - { - "name" : "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.207.2.109&r2=1.207.2.111&ty=h", - "refsource" : "CONFIRM", - "url" : "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.207.2.109&r2=1.207.2.111&ty=h" - }, - { - "name" : "DSA-914", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-914" - }, - { - "name" : "GLSA-200511-20", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200511-20.xml" - }, - { - "name" : "ADV-2005-2403", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2403" - }, - { - "name" : "15409", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15409" - }, - { - "name" : "17468", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17468" - }, - { - "name" : "17702", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17702" - }, - { - "name" : "17794", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17794" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified cross-site scripting (XSS) vulnerability in Horde before 2.2.9 allows remote attackers to inject arbitrary web script or HTML via \"not properly escaped error messages\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15409", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15409" + }, + { + "name": "[Horde-announce] 20051113 Horde 2.2.9 (final)", + "refsource": "MLIST", + "url": "http://lists.horde.org/archives/announce/2005/000231.html" + }, + { + "name": "17468", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17468" + }, + { + "name": "GLSA-200511-20", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-20.xml" + }, + { + "name": "ADV-2005-2403", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2403" + }, + { + "name": "17794", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17794" + }, + { + "name": "17702", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17702" + }, + { + "name": "DSA-914", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-914" + }, + { + "name": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.207.2.109&r2=1.207.2.111&ty=h", + "refsource": "CONFIRM", + "url": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.207.2.109&r2=1.207.2.111&ty=h" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3672.json b/2005/3xxx/CVE-2005-3672.json index 132350253ec..d2dd90b8afb 100644 --- a/2005/3xxx/CVE-2005-3672.json +++ b/2005/3xxx/CVE-2005-3672.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3672", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Internet Key Exchange version 1 (IKEv1) implementation in Stonesoft StoneGate Firewall before 2.6.1 allows remote attackers to cause a denial of service via certain crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the Stonesoft advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3672", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/", - "refsource" : "MISC", - "url" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/" - }, - { - "name" : "http://www.stonesoft.com/support/Security_Advisories/7244.html", - "refsource" : "CONFIRM", - "url" : "http://www.stonesoft.com/support/Security_Advisories/7244.html" - }, - { - "name" : "http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en", - "refsource" : "MISC", - "url" : "http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en" - }, - { - "name" : "http://jvn.jp/niscc/NISCC-273756/index.html", - "refsource" : "MISC", - "url" : "http://jvn.jp/niscc/NISCC-273756/index.html" - }, - { - "name" : "VU#226364", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/226364" - }, - { - "name" : "15405", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15405" - }, - { - "name" : "ADV-2005-2408", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2408" - }, - { - "name" : "17566", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17566" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Internet Key Exchange version 1 (IKEv1) implementation in Stonesoft StoneGate Firewall before 2.6.1 allows remote attackers to cause a denial of service via certain crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the Stonesoft advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en", + "refsource": "MISC", + "url": "http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en" + }, + { + "name": "http://jvn.jp/niscc/NISCC-273756/index.html", + "refsource": "MISC", + "url": "http://jvn.jp/niscc/NISCC-273756/index.html" + }, + { + "name": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/", + "refsource": "MISC", + "url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/" + }, + { + "name": "VU#226364", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/226364" + }, + { + "name": "ADV-2005-2408", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2408" + }, + { + "name": "http://www.stonesoft.com/support/Security_Advisories/7244.html", + "refsource": "CONFIRM", + "url": "http://www.stonesoft.com/support/Security_Advisories/7244.html" + }, + { + "name": "15405", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15405" + }, + { + "name": "17566", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17566" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3843.json b/2005/3xxx/CVE-2005-3843.json index 5b1d43a2fe1..9977b6fadf0 100644 --- a/2005/3xxx/CVE-2005-3843.json +++ b/2005/3xxx/CVE-2005-3843.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3843", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in faq.php in Nicecoder iDesk 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3843", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/11/idesk-catid-sql-inj.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/11/idesk-catid-sql-inj.html" - }, - { - "name" : "15597", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15597" - }, - { - "name" : "ADV-2005-2590", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2590" - }, - { - "name" : "21117", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21117" - }, - { - "name" : "17729", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17729" - }, - { - "name" : "idesk-faq-sql-injection(23222)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23222" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in faq.php in Nicecoder iDesk 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21117", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21117" + }, + { + "name": "15597", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15597" + }, + { + "name": "idesk-faq-sql-injection(23222)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23222" + }, + { + "name": "17729", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17729" + }, + { + "name": "http://pridels0.blogspot.com/2005/11/idesk-catid-sql-inj.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/11/idesk-catid-sql-inj.html" + }, + { + "name": "ADV-2005-2590", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2590" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4075.json b/2005/4xxx/CVE-2005-4075.json index 10de2cb0987..c822bcfad8e 100644 --- a/2005/4xxx/CVE-2005-4075.json +++ b/2005/4xxx/CVE-2005-4075.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4075", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in index.cfm in CF_Nuke 4.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) topic and (2) newsid parameter in the news sector, and (3) cat parameter in the links sector." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4075", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/cfnuke-v46-multiple-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/cfnuke-v46-multiple-vuln.html" - }, - { - "name" : "15778", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15778" - }, - { - "name" : "ADV-2005-2795", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2795" - }, - { - "name" : "21507", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21507" - }, - { - "name" : "17939", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17939" - }, - { - "name" : "cfnuke-index-xss(23540)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23540" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in index.cfm in CF_Nuke 4.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) topic and (2) newsid parameter in the news sector, and (3) cat parameter in the links sector." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17939", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17939" + }, + { + "name": "21507", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21507" + }, + { + "name": "15778", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15778" + }, + { + "name": "cfnuke-index-xss(23540)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23540" + }, + { + "name": "ADV-2005-2795", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2795" + }, + { + "name": "http://pridels0.blogspot.com/2005/12/cfnuke-v46-multiple-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/cfnuke-v46-multiple-vuln.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4896.json b/2005/4xxx/CVE-2005-4896.json index 53b588cb9d8..e4f505056ba 100644 --- a/2005/4xxx/CVE-2005-4896.json +++ b/2005/4xxx/CVE-2005-4896.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4896", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4896", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2099.json b/2009/2xxx/CVE-2009-2099.json index 69575506104..d10baf1afef 100644 --- a/2009/2xxx/CVE-2009-2099.json +++ b/2009/2xxx/CVE-2009-2099.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2099", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the iJoomla RSS Feeder (com_ijoomla_rss) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in an xml action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2099", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8959", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8959" - }, - { - "name" : "35379", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35379" - }, - { - "name" : "55113", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55113" - }, - { - "name" : "35454", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35454" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the iJoomla RSS Feeder (com_ijoomla_rss) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in an xml action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35379", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35379" + }, + { + "name": "8959", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8959" + }, + { + "name": "55113", + "refsource": "OSVDB", + "url": "http://osvdb.org/55113" + }, + { + "name": "35454", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35454" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2368.json b/2009/2xxx/CVE-2009-2368.json index f0a49fe593f..3dc99c25dae 100644 --- a/2009/2xxx/CVE-2009-2368.json +++ b/2009/2xxx/CVE-2009-2368.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2368", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Socks Server 5 before 3.7.8-8 has unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2368", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=695068", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=695068" - }, - { - "name" : "35718", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35718" - }, - { - "name" : "ADV-2009-1806", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1806" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Socks Server 5 before 3.7.8-8 has unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-1806", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1806" + }, + { + "name": "35718", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35718" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=695068", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=695068" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2458.json b/2009/2xxx/CVE-2009-2458.json index a0074a9cc55..44926eedf14 100644 --- a/2009/2xxx/CVE-2009-2458.json +++ b/2009/2xxx/CVE-2009-2458.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2458", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Sun Fire V215 Server, when using XVR-100 graphic cards on system boards with part number 375-3463 and a hardware dash level -04 or later, allows remote attackers to cause a denial of service (panic) via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2458", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "257329", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-257329-1" - }, - { - "name" : "35661", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35661" - }, - { - "name" : "sunfire-xvr100-dos(51695)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51695" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Sun Fire V215 Server, when using XVR-100 graphic cards on system boards with part number 375-3463 and a hardware dash level -04 or later, allows remote attackers to cause a denial of service (panic) via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sunfire-xvr100-dos(51695)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51695" + }, + { + "name": "35661", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35661" + }, + { + "name": "257329", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-257329-1" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2800.json b/2009/2xxx/CVE-2009-2800.json index 29a0e28fad3..42330fa9b69 100644 --- a/2009/2xxx/CVE-2009-2800.json +++ b/2009/2xxx/CVE-2009-2800.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2800", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Alias Manager in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted alias file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2800", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT3865", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3865" - }, - { - "name" : "APPLE-SA-2009-09-10-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" - }, - { - "name" : "36354", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36354" - }, - { - "name" : "57947", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/57947" - }, - { - "name" : "36701", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36701" - }, - { - "name" : "macos-alias-file-bo(53164)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53164" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Alias Manager in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted alias file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "macos-alias-file-bo(53164)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53164" + }, + { + "name": "36354", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36354" + }, + { + "name": "APPLE-SA-2009-09-10-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" + }, + { + "name": "http://support.apple.com/kb/HT3865", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3865" + }, + { + "name": "36701", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36701" + }, + { + "name": "57947", + "refsource": "OSVDB", + "url": "http://osvdb.org/57947" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2865.json b/2009/2xxx/CVE-2009-2865.json index 3b19f78fc6c..056811cf3e8 100644 --- a/2009/2xxx/CVE-2009-2865.json +++ b/2009/2xxx/CVE-2009-2865.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2865", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the login implementation in the Extension Mobility feature in the Unified Communications Manager Express (CME) component in Cisco IOS 12.4XW, 12.4XY, 12.4XZ, and 12.4YA allows remote attackers to execute arbitrary code or cause a denial of service via crafted HTTP requests, aka Bug ID CSCsq58779." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2009-2865", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=18884", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=18884" - }, - { - "name" : "20090923 Cisco Unified Communications Manager Express Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af8116.shtml" - }, - { - "name" : "36498", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36498" - }, - { - "name" : "58335", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/58335" - }, - { - "name" : "1022932", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022932" - }, - { - "name" : "ADV-2009-2758", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2758" - }, - { - "name" : "ciscoios-cme-extension-bo(53448)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53448" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the login implementation in the Extension Mobility feature in the Unified Communications Manager Express (CME) component in Cisco IOS 12.4XW, 12.4XY, 12.4XZ, and 12.4YA allows remote attackers to execute arbitrary code or cause a denial of service via crafted HTTP requests, aka Bug ID CSCsq58779." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36498", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36498" + }, + { + "name": "ciscoios-cme-extension-bo(53448)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53448" + }, + { + "name": "20090923 Cisco Unified Communications Manager Express Vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af8116.shtml" + }, + { + "name": "ADV-2009-2758", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2758" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=18884", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=18884" + }, + { + "name": "58335", + "refsource": "OSVDB", + "url": "http://osvdb.org/58335" + }, + { + "name": "1022932", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022932" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2899.json b/2009/2xxx/CVE-2009-2899.json index a65160c2628..2ab6565a6d7 100644 --- a/2009/2xxx/CVE-2009-2899.json +++ b/2009/2xxx/CVE-2009-2899.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2899", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The monitor perl script in the Sybase database plug-in in SpringSource Hyperic HQ before 4.3 allows local users to obtain the database password by listing the process and its arguments." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-2899", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://communities.vmware.com/thread/348773", - "refsource" : "MISC", - "url" : "http://communities.vmware.com/thread/348773" - }, - { - "name" : "https://jira.hyperic.com/browse/HHQ-1031", - "refsource" : "MISC", - "url" : "https://jira.hyperic.com/browse/HHQ-1031" - }, - { - "name" : "http://support.springsource.com/security/CVE-2009-2899", - "refsource" : "CONFIRM", - "url" : "http://support.springsource.com/security/CVE-2009-2899" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The monitor perl script in the Sybase database plug-in in SpringSource Hyperic HQ before 4.3 allows local users to obtain the database password by listing the process and its arguments." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jira.hyperic.com/browse/HHQ-1031", + "refsource": "MISC", + "url": "https://jira.hyperic.com/browse/HHQ-1031" + }, + { + "name": "http://communities.vmware.com/thread/348773", + "refsource": "MISC", + "url": "http://communities.vmware.com/thread/348773" + }, + { + "name": "http://support.springsource.com/security/CVE-2009-2899", + "refsource": "CONFIRM", + "url": "http://support.springsource.com/security/CVE-2009-2899" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3622.json b/2009/3xxx/CVE-2009-3622.json index 163f2f6f4d9..a51f04d8b3b 100644 --- a/2009/3xxx/CVE-2009-3622.json +++ b/2009/3xxx/CVE-2009-3622.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3622", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Algorithmic complexity vulnerability in wp-trackback.php in WordPress before 2.8.5 allows remote attackers to cause a denial of service (CPU consumption and server hang) via a long title parameter in conjunction with a charset parameter composed of many comma-separated \"UTF-8\" substrings, related to the mb_convert_encoding function in PHP." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-3622", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091019 [Wordpress] Resource Exhaustion (Denial of Service)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2009/Oct/263" - }, - { - "name" : "[oss-security] 20091021 CVE request: Wordpress Trackback DoS", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=125612393329041&w=2" - }, - { - "name" : "[oss-security] 20091021 Re: CVE request: Wordpress Trackback DoS", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=125614592004825&w=2" - }, - { - "name" : "http://codes.zerial.org/php/wp-trackbacks_dos.phps", - "refsource" : "MISC", - "url" : "http://codes.zerial.org/php/wp-trackbacks_dos.phps" - }, - { - "name" : "http://rooibo.wordpress.com/2009/10/17/agujero-de-seguridad-en-wordpress/", - "refsource" : "MISC", - "url" : "http://rooibo.wordpress.com/2009/10/17/agujero-de-seguridad-en-wordpress/" - }, - { - "name" : "http://security-sh3ll.blogspot.com/2009/10/wordpress-resource-exhaustion-denial-of.html", - "refsource" : "MISC", - "url" : "http://security-sh3ll.blogspot.com/2009/10/wordpress-resource-exhaustion-denial-of.html" - }, - { - "name" : "http://wordpress.org/development/2009/10/wordpress-2-8-5-hardening-release/", - "refsource" : "CONFIRM", - "url" : "http://wordpress.org/development/2009/10/wordpress-2-8-5-hardening-release/" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=530056", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=530056" - }, - { - "name" : "59077", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/59077" - }, - { - "name" : "1023072", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023072" - }, - { - "name" : "37088", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37088" - }, - { - "name" : "ADV-2009-2986", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2986" - }, - { - "name" : "wordpress-wptrackback-dos(53884)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53884" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Algorithmic complexity vulnerability in wp-trackback.php in WordPress before 2.8.5 allows remote attackers to cause a denial of service (CPU consumption and server hang) via a long title parameter in conjunction with a charset parameter composed of many comma-separated \"UTF-8\" substrings, related to the mb_convert_encoding function in PHP." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20091019 [Wordpress] Resource Exhaustion (Denial of Service)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2009/Oct/263" + }, + { + "name": "http://security-sh3ll.blogspot.com/2009/10/wordpress-resource-exhaustion-denial-of.html", + "refsource": "MISC", + "url": "http://security-sh3ll.blogspot.com/2009/10/wordpress-resource-exhaustion-denial-of.html" + }, + { + "name": "wordpress-wptrackback-dos(53884)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53884" + }, + { + "name": "[oss-security] 20091021 Re: CVE request: Wordpress Trackback DoS", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=125614592004825&w=2" + }, + { + "name": "http://codes.zerial.org/php/wp-trackbacks_dos.phps", + "refsource": "MISC", + "url": "http://codes.zerial.org/php/wp-trackbacks_dos.phps" + }, + { + "name": "37088", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37088" + }, + { + "name": "59077", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/59077" + }, + { + "name": "http://rooibo.wordpress.com/2009/10/17/agujero-de-seguridad-en-wordpress/", + "refsource": "MISC", + "url": "http://rooibo.wordpress.com/2009/10/17/agujero-de-seguridad-en-wordpress/" + }, + { + "name": "ADV-2009-2986", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2986" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=530056", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530056" + }, + { + "name": "[oss-security] 20091021 CVE request: Wordpress Trackback DoS", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=125612393329041&w=2" + }, + { + "name": "1023072", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023072" + }, + { + "name": "http://wordpress.org/development/2009/10/wordpress-2-8-5-hardening-release/", + "refsource": "CONFIRM", + "url": "http://wordpress.org/development/2009/10/wordpress-2-8-5-hardening-release/" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3888.json b/2009/3xxx/CVE-2009-3888.json index bedf498062c..942b4eefc59 100644 --- a/2009/3xxx/CVE-2009-3888.json +++ b/2009/3xxx/CVE-2009-3888.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3888", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The do_mmap_pgoff function in mm/nommu.c in the Linux kernel before 2.6.31.6, when the CPU lacks a memory management unit, allows local users to cause a denial of service (OOPS) via an application that attempts to allocate a large amount of memory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-3888", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20091109 CVE request - kernel: NOMMU: Dont pass NULL pointers to fput() in do_mmap_pgoff()", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/11/09/2" - }, - { - "name" : "[oss-security] 20091113 Re: CVE request - kernel: NOMMU: Dont pass NULL pointers to fput() in do_mmap_pgoff()", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/11/13/3" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=89a8640279f8bb78aaf778d1fc5c4a6778f18064", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=89a8640279f8bb78aaf778d1fc5c4a6778f18064" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.6", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.6" - }, - { - "name" : "USN-864-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-864-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The do_mmap_pgoff function in mm/nommu.c in the Linux kernel before 2.6.31.6, when the CPU lacks a memory management unit, allows local users to cause a denial of service (OOPS) via an application that attempts to allocate a large amount of memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20091113 Re: CVE request - kernel: NOMMU: Dont pass NULL pointers to fput() in do_mmap_pgoff()", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/11/13/3" + }, + { + "name": "USN-864-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-864-1" + }, + { + "name": "[oss-security] 20091109 CVE request - kernel: NOMMU: Dont pass NULL pointers to fput() in do_mmap_pgoff()", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/11/09/2" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.6", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.6" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=89a8640279f8bb78aaf778d1fc5c4a6778f18064", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=89a8640279f8bb78aaf778d1fc5c4a6778f18064" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4278.json b/2009/4xxx/CVE-2009-4278.json index 76761a79529..20b3e555544 100644 --- a/2009/4xxx/CVE-2009-4278.json +++ b/2009/4xxx/CVE-2009-4278.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4278", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4278", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0001.json b/2015/0xxx/CVE-2015-0001.json index 10b491fca61..2844582a342 100644 --- a/2015/0xxx/CVE-2015-0001.json +++ b/2015/0xxx/CVE-2015-0001.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0001", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Windows Error Reporting (WER) component in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to bypass the Protected Process Light protection mechanism and read the contents of arbitrary process-memory locations by leveraging administrative privileges, aka \"Windows Error Reporting Security Feature Bypass Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-0001", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/134392/Microsoft-Windows-8.1-Ahcache.sys-NtApphelpCacheControl-Privilege-Escalation.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/134392/Microsoft-Windows-8.1-Ahcache.sys-NtApphelpCacheControl-Privilege-Escalation.html" - }, - { - "name" : "MS15-006", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-006" - }, - { - "name" : "71927", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71927" - }, - { - "name" : "62134", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62134" - }, - { - "name" : "ms-wer-cve20150001-security-bypass(99513)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99513" - }, - { - "name" : "win-ms15kb3004365-update(99514)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99514" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Windows Error Reporting (WER) component in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to bypass the Protected Process Light protection mechanism and read the contents of arbitrary process-memory locations by leveraging administrative privileges, aka \"Windows Error Reporting Security Feature Bypass Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS15-006", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-006" + }, + { + "name": "win-ms15kb3004365-update(99514)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99514" + }, + { + "name": "ms-wer-cve20150001-security-bypass(99513)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99513" + }, + { + "name": "62134", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62134" + }, + { + "name": "71927", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71927" + }, + { + "name": "http://packetstormsecurity.com/files/134392/Microsoft-Windows-8.1-Ahcache.sys-NtApphelpCacheControl-Privilege-Escalation.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/134392/Microsoft-Windows-8.1-Ahcache.sys-NtApphelpCacheControl-Privilege-Escalation.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0316.json b/2015/0xxx/CVE-2015-0316.json index d13cbf93b36..f0a53d2067e 100644 --- a/2015/0xxx/CVE-2015-0316.json +++ b/2015/0xxx/CVE-2015-0316.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0316", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0314, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, and CVE-2015-0330." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-0316", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-04.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-04.html" - }, - { - "name" : "https://technet.microsoft.com/library/security/2755801", - "refsource" : "CONFIRM", - "url" : "https://technet.microsoft.com/library/security/2755801" - }, - { - "name" : "GLSA-201502-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201502-02.xml" - }, - { - "name" : "RHSA-2015:0140", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0140.html" - }, - { - "name" : "SUSE-SU-2015:0236", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00006.html" - }, - { - "name" : "SUSE-SU-2015:0239", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00009.html" - }, - { - "name" : "openSUSE-SU-2015:0237", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00007.html" - }, - { - "name" : "openSUSE-SU-2015:0238", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00008.html" - }, - { - "name" : "72514", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72514" - }, - { - "name" : "1031706", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031706" - }, - { - "name" : "62777", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62777" - }, - { - "name" : "62886", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62886" - }, - { - "name" : "62895", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62895" - }, - { - "name" : "adobe-flash-cve20150316-code-exec(100701)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100701" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0314, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, and CVE-2015-0330." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201502-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201502-02.xml" + }, + { + "name": "openSUSE-SU-2015:0238", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00008.html" + }, + { + "name": "62895", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62895" + }, + { + "name": "1031706", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031706" + }, + { + "name": "62886", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62886" + }, + { + "name": "https://technet.microsoft.com/library/security/2755801", + "refsource": "CONFIRM", + "url": "https://technet.microsoft.com/library/security/2755801" + }, + { + "name": "62777", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62777" + }, + { + "name": "openSUSE-SU-2015:0237", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00007.html" + }, + { + "name": "SUSE-SU-2015:0236", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00006.html" + }, + { + "name": "adobe-flash-cve20150316-code-exec(100701)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100701" + }, + { + "name": "72514", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72514" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-04.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-04.html" + }, + { + "name": "RHSA-2015:0140", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0140.html" + }, + { + "name": "SUSE-SU-2015:0239", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00009.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0317.json b/2015/0xxx/CVE-2015-0317.json index 38bda6df9ae..204a4942bca 100644 --- a/2015/0xxx/CVE-2015-0317.json +++ b/2015/0xxx/CVE-2015-0317.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0317", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code by leveraging an unspecified \"type confusion,\" a different vulnerability than CVE-2015-0319." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-0317", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-04.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-04.html" - }, - { - "name" : "https://technet.microsoft.com/library/security/2755801", - "refsource" : "CONFIRM", - "url" : "https://technet.microsoft.com/library/security/2755801" - }, - { - "name" : "GLSA-201502-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201502-02.xml" - }, - { - "name" : "RHSA-2015:0140", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0140.html" - }, - { - "name" : "SUSE-SU-2015:0236", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00006.html" - }, - { - "name" : "SUSE-SU-2015:0239", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00009.html" - }, - { - "name" : "openSUSE-SU-2015:0237", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00007.html" - }, - { - "name" : "openSUSE-SU-2015:0238", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00008.html" - }, - { - "name" : "72514", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72514" - }, - { - "name" : "1031706", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031706" - }, - { - "name" : "62777", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62777" - }, - { - "name" : "62886", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62886" - }, - { - "name" : "62895", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62895" - }, - { - "name" : "adobe-flash-cve20150317-code-exec(100706)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100706" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code by leveraging an unspecified \"type confusion,\" a different vulnerability than CVE-2015-0319." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201502-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201502-02.xml" + }, + { + "name": "openSUSE-SU-2015:0238", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00008.html" + }, + { + "name": "62895", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62895" + }, + { + "name": "adobe-flash-cve20150317-code-exec(100706)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100706" + }, + { + "name": "1031706", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031706" + }, + { + "name": "62886", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62886" + }, + { + "name": "https://technet.microsoft.com/library/security/2755801", + "refsource": "CONFIRM", + "url": "https://technet.microsoft.com/library/security/2755801" + }, + { + "name": "62777", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62777" + }, + { + "name": "openSUSE-SU-2015:0237", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00007.html" + }, + { + "name": "SUSE-SU-2015:0236", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00006.html" + }, + { + "name": "72514", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72514" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-04.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-04.html" + }, + { + "name": "RHSA-2015:0140", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0140.html" + }, + { + "name": "SUSE-SU-2015:0239", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00009.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0812.json b/2015/0xxx/CVE-2015-0812.json index e7a7519f281..989d1aec69c 100644 --- a/2015/0xxx/CVE-2015-0812.json +++ b/2015/0xxx/CVE-2015-0812.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0812", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 37.0 does not require an HTTPS session for lightweight theme add-on installations, which allows man-in-the-middle attackers to bypass an intended user-confirmation requirement by deploying a crafted web site and conducting a DNS spoofing attack against a mozilla.org subdomain." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2015-0812", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-32.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-32.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1128126", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1128126" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "GLSA-201512-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201512-10" - }, - { - "name" : "openSUSE-SU-2015:0677", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html" - }, - { - "name" : "USN-2550-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2550-1" - }, - { - "name" : "1031996", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031996" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 37.0 does not require an HTTPS session for lightweight theme add-on installations, which allows man-in-the-middle attackers to bypass an intended user-confirmation requirement by deploying a crafted web site and conducting a DNS spoofing attack against a mozilla.org subdomain." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031996", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031996" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1128126", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1128126" + }, + { + "name": "GLSA-201512-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201512-10" + }, + { + "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-32.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-32.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "USN-2550-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2550-1" + }, + { + "name": "openSUSE-SU-2015:0677", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1041.json b/2015/1xxx/CVE-2015-1041.json index 98f9d1f840f..0dd4cfe94b4 100644 --- a/2015/1xxx/CVE-2015-1041.json +++ b/2015/1xxx/CVE-2015-1041.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1041", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in e107_admin/filemanager.php in e107 1.0.4 allows remote attackers to inject arbitrary web script or HTML via the e107_files/ file path in the QUERY_STRING." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1041", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150109 Reflecting XSS vulnerability in CMS e107 v. 1.0.4", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Jan/18" - }, - { - "name" : "[oss-security] 20150111 Re: CVE Request -- CMS e107 v.1.0.4 -- Reflecting XSS vulnerability in filemanager functionality", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/01/11/6" - }, - { - "name" : "http://packetstormsecurity.com/files/129872/CMS-e107-1.0.4-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129872/CMS-e107-1.0.4-Cross-Site-Scripting.html" - }, - { - "name" : "http://sroesemann.blogspot.de/2014/12/sroeadv-2014-05.html", - "refsource" : "MISC", - "url" : "http://sroesemann.blogspot.de/2014/12/sroeadv-2014-05.html" - }, - { - "name" : "http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2014-05.html", - "refsource" : "MISC", - "url" : "http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2014-05.html" - }, - { - "name" : "https://github.com/e107inc/e107v1/issues/2", - "refsource" : "MISC", - "url" : "https://github.com/e107inc/e107v1/issues/2" - }, - { - "name" : "71977", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71977" - }, - { - "name" : "e107-filemanager-xss(99898)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99898" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in e107_admin/filemanager.php in e107 1.0.4 allows remote attackers to inject arbitrary web script or HTML via the e107_files/ file path in the QUERY_STRING." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2014-05.html", + "refsource": "MISC", + "url": "http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2014-05.html" + }, + { + "name": "e107-filemanager-xss(99898)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99898" + }, + { + "name": "https://github.com/e107inc/e107v1/issues/2", + "refsource": "MISC", + "url": "https://github.com/e107inc/e107v1/issues/2" + }, + { + "name": "http://packetstormsecurity.com/files/129872/CMS-e107-1.0.4-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129872/CMS-e107-1.0.4-Cross-Site-Scripting.html" + }, + { + "name": "[oss-security] 20150111 Re: CVE Request -- CMS e107 v.1.0.4 -- Reflecting XSS vulnerability in filemanager functionality", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/01/11/6" + }, + { + "name": "71977", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71977" + }, + { + "name": "http://sroesemann.blogspot.de/2014/12/sroeadv-2014-05.html", + "refsource": "MISC", + "url": "http://sroesemann.blogspot.de/2014/12/sroeadv-2014-05.html" + }, + { + "name": "20150109 Reflecting XSS vulnerability in CMS e107 v. 1.0.4", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Jan/18" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1172.json b/2015/1xxx/CVE-2015-1172.json index da3fbcfd765..417f554ff5c 100644 --- a/2015/1xxx/CVE-2015-1172.json +++ b/2015/1xxx/CVE-2015-1172.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1172", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in admin/upload-file.php in the Holding Pattern theme (aka holding_pattern) 0.6 and earlier for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1172", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/130282/WordPress-Holding-Pattern-0.6-Shell-Upload.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/130282/WordPress-Holding-Pattern-0.6-Shell-Upload.html" - }, - { - "name" : "https://wpvulndb.com/vulnerabilities/7784", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/7784" - }, - { - "name" : "72546", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72546" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in admin/upload-file.php in the Holding Pattern theme (aka holding_pattern) 0.6 and earlier for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in an unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/130282/WordPress-Holding-Pattern-0.6-Shell-Upload.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/130282/WordPress-Holding-Pattern-0.6-Shell-Upload.html" + }, + { + "name": "https://wpvulndb.com/vulnerabilities/7784", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/7784" + }, + { + "name": "72546", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72546" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1636.json b/2015/1xxx/CVE-2015-1636.json index 19225293fb5..e4c7ad2ae9e 100644 --- a/2015/1xxx/CVE-2015-1636.json +++ b/2015/1xxx/CVE-2015-1636.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1636", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 Gold and SP1 and SharePoint Server 2013 Gold and SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted request, aka \"Microsoft SharePoint XSS Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-1636", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-022", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-022" - }, - { - "name" : "1031895", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031895" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 Gold and SP1 and SharePoint Server 2013 Gold and SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted request, aka \"Microsoft SharePoint XSS Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS15-022", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-022" + }, + { + "name": "1031895", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031895" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4101.json b/2015/4xxx/CVE-2015-4101.json index 2e7d7e24865..ffe4f9e565e 100644 --- a/2015/4xxx/CVE-2015-4101.json +++ b/2015/4xxx/CVE-2015-4101.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4101", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4101", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4216.json b/2015/4xxx/CVE-2015-4216.json index 7180e20f92c..71b887d62b9 100644 --- a/2015/4xxx/CVE-2015-4216.json +++ b/2015/4xxx/CVE-2015-4216.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4216", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices before 2015-06-25 uses the same default SSH root authorized key across different customers' installations, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of a private key from another installation, aka Bug IDs CSCuu95988, CSCuu95994, and CSCuu96630." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-4216", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150625 Multiple Default SSH Keys Vulnerabilities in Cisco Virtual WSA, ESA, and SMA", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150625-ironport" - }, - { - "name" : "75417", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75417" - }, - { - "name" : "1032725", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032725" - }, - { - "name" : "1032726", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032726" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices before 2015-06-25 uses the same default SSH root authorized key across different customers' installations, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of a private key from another installation, aka Bug IDs CSCuu95988, CSCuu95994, and CSCuu96630." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150625 Multiple Default SSH Keys Vulnerabilities in Cisco Virtual WSA, ESA, and SMA", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150625-ironport" + }, + { + "name": "1032725", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032725" + }, + { + "name": "1032726", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032726" + }, + { + "name": "75417", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75417" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4339.json b/2015/4xxx/CVE-2015-4339.json index 2f67cc7e2c5..0c66b8bad94 100644 --- a/2015/4xxx/CVE-2015-4339.json +++ b/2015/4xxx/CVE-2015-4339.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4339", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4339", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4403.json b/2015/4xxx/CVE-2015-4403.json index 6d5d68898a7..e75ca5fadce 100644 --- a/2015/4xxx/CVE-2015-4403.json +++ b/2015/4xxx/CVE-2015-4403.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4403", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4403", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4917.json b/2015/4xxx/CVE-2015-4917.json index a99c95915f1..27aba121409 100644 --- a/2015/4xxx/CVE-2015-4917.json +++ b/2015/4xxx/CVE-2015-4917.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4917", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 allows remote authenticated users to affect integrity via unknown vectors related to Security, a different vulnerability than CVE-2015-4892." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-4917", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" - }, - { - "name" : "1033899", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033899" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 allows remote authenticated users to affect integrity via unknown vectors related to Security, a different vulnerability than CVE-2015-4892." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" + }, + { + "name": "1033899", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033899" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5227.json b/2015/5xxx/CVE-2015-5227.json index c60aa523351..2e50eef8069 100644 --- a/2015/5xxx/CVE-2015-5227.json +++ b/2015/5xxx/CVE-2015-5227.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5227", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Landing Pages plugin before 1.9.2 for WordPress allows remote attackers to execute arbitrary code via the url parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5227", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://wpvulndb.com/vulnerabilities/8200", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/8200" - }, - { - "name" : "https://wordpress.org/plugins/landing-pages/#developers", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/plugins/landing-pages/#developers" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Landing Pages plugin before 1.9.2 for WordPress allows remote attackers to execute arbitrary code via the url parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wordpress.org/plugins/landing-pages/#developers", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/landing-pages/#developers" + }, + { + "name": "https://wpvulndb.com/vulnerabilities/8200", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/8200" + } + ] + } +} \ No newline at end of file diff --git a/2015/9xxx/CVE-2015-9097.json b/2015/9xxx/CVE-2015-9097.json index 13130575fbf..fa6ca24c9ef 100644 --- a/2015/9xxx/CVE-2015-9097.json +++ b/2015/9xxx/CVE-2015-9097.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-9097", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mail gem before 2.5.5 for Ruby (aka A Really Ruby Mail Library) is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-9097", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://openwall.com/lists/oss-security/2015/12/11/3", - "refsource" : "MISC", - "url" : "http://openwall.com/lists/oss-security/2015/12/11/3" - }, - { - "name" : "http://www.mbsd.jp/Whitepaper/smtpi.pdf", - "refsource" : "MISC", - "url" : "http://www.mbsd.jp/Whitepaper/smtpi.pdf" - }, - { - "name" : "https://github.com/mikel/mail/commit/72befdc4dab3e6e288ce226a7da2aa474cf5be83", - "refsource" : "MISC", - "url" : "https://github.com/mikel/mail/commit/72befdc4dab3e6e288ce226a7da2aa474cf5be83" - }, - { - "name" : "https://github.com/mikel/mail/pull/1097", - "refsource" : "MISC", - "url" : "https://github.com/mikel/mail/pull/1097" - }, - { - "name" : "https://github.com/rubysec/ruby-advisory-db/issues/215", - "refsource" : "MISC", - "url" : "https://github.com/rubysec/ruby-advisory-db/issues/215" - }, - { - "name" : "https://hackerone.com/reports/137631", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/137631" - }, - { - "name" : "https://rubysec.com/advisories/mail-OSVDB-131677", - "refsource" : "MISC", - "url" : "https://rubysec.com/advisories/mail-OSVDB-131677" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mail gem before 2.5.5 for Ruby (aka A Really Ruby Mail Library) is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/mikel/mail/pull/1097", + "refsource": "MISC", + "url": "https://github.com/mikel/mail/pull/1097" + }, + { + "name": "https://hackerone.com/reports/137631", + "refsource": "MISC", + "url": "https://hackerone.com/reports/137631" + }, + { + "name": "https://github.com/mikel/mail/commit/72befdc4dab3e6e288ce226a7da2aa474cf5be83", + "refsource": "MISC", + "url": "https://github.com/mikel/mail/commit/72befdc4dab3e6e288ce226a7da2aa474cf5be83" + }, + { + "name": "http://openwall.com/lists/oss-security/2015/12/11/3", + "refsource": "MISC", + "url": "http://openwall.com/lists/oss-security/2015/12/11/3" + }, + { + "name": "https://rubysec.com/advisories/mail-OSVDB-131677", + "refsource": "MISC", + "url": "https://rubysec.com/advisories/mail-OSVDB-131677" + }, + { + "name": "https://github.com/rubysec/ruby-advisory-db/issues/215", + "refsource": "MISC", + "url": "https://github.com/rubysec/ruby-advisory-db/issues/215" + }, + { + "name": "http://www.mbsd.jp/Whitepaper/smtpi.pdf", + "refsource": "MISC", + "url": "http://www.mbsd.jp/Whitepaper/smtpi.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2015/9xxx/CVE-2015-9158.json b/2015/9xxx/CVE-2015-9158.json index eca629eb616..9df8872d7dd 100644 --- a/2015/9xxx/CVE-2015-9158.json +++ b/2015/9xxx/CVE-2015-9158.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2015-9158", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, in a QTEE crypto function, a buffer overflow can occur." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Copy without Checking Size of Input in TrustZone" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2015-9158", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, in a QTEE crypto function, a buffer overflow can occur." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Copy without Checking Size of Input in TrustZone" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2180.json b/2018/2xxx/CVE-2018-2180.json index 9e444efe41e..10bdeb3b596 100644 --- a/2018/2xxx/CVE-2018-2180.json +++ b/2018/2xxx/CVE-2018-2180.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2180", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2180", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2218.json b/2018/2xxx/CVE-2018-2218.json index 425bfbdda1d..1acc318a92d 100644 --- a/2018/2xxx/CVE-2018-2218.json +++ b/2018/2xxx/CVE-2018-2218.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2218", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2218", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2345.json b/2018/2xxx/CVE-2018-2345.json index af58075df1d..9412f5d8bb4 100644 --- a/2018/2xxx/CVE-2018-2345.json +++ b/2018/2xxx/CVE-2018-2345.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2345", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2345", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2361.json b/2018/2xxx/CVE-2018-2361.json index 3d0f7c59502..2e2ddd8efbf 100644 --- a/2018/2xxx/CVE-2018-2361.json +++ b/2018/2xxx/CVE-2018-2361.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cna@sap.com", - "ID" : "CVE-2018-2361", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SAP Solution Manager", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "7.20" - } - ] - } - } - ] - }, - "vendor_name" : "SAP SE" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In SAP Solution Manager 7.20, the role SAP_BPO_CONFIG gives the Business Process Operations (BPO) configuration user more authorization than required for configuring the BPO tools." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Missing Authorization Check" - } + "CVE_data_meta": { + "ASSIGNER": "cna@sap.com", + "ID": "CVE-2018-2361", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SAP Solution Manager", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "7.20" + } + ] + } + } + ] + }, + "vendor_name": "SAP SE" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/", - "refsource" : "CONFIRM", - "url" : "https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/" - }, - { - "name" : "https://launchpad.support.sap.com/#/notes/2507934", - "refsource" : "CONFIRM", - "url" : "https://launchpad.support.sap.com/#/notes/2507934" - }, - { - "name" : "102450", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102450" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In SAP Solution Manager 7.20, the role SAP_BPO_CONFIG gives the Business Process Operations (BPO) configuration user more authorization than required for configuring the BPO tools." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing Authorization Check" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/", + "refsource": "CONFIRM", + "url": "https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/" + }, + { + "name": "https://launchpad.support.sap.com/#/notes/2507934", + "refsource": "CONFIRM", + "url": "https://launchpad.support.sap.com/#/notes/2507934" + }, + { + "name": "102450", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102450" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2504.json b/2018/2xxx/CVE-2018-2504.json index 3b3aeda7cdd..65ec47f7fa1 100644 --- a/2018/2xxx/CVE-2018-2504.json +++ b/2018/2xxx/CVE-2018-2504.json @@ -1,100 +1,100 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cna@sap.com", - "ID" : "CVE-2018-2504", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SAP NetWeaver AS Java (ServerCore)", - "version" : { - "version_data" : [ - { - "version_name" : "=", - "version_value" : "7.10" - }, - { - "version_name" : "=", - "version_value" : "7.11" - }, - { - "version_name" : "=", - "version_value" : "7.20" - }, - { - "version_name" : "=", - "version_value" : "7.30" - }, - { - "version_name" : "=", - "version_value" : "7.31" - }, - { - "version_name" : "=", - "version_value" : "7.40" - }, - { - "version_name" : "=", - "version_value" : "7.50" - } - ] - } - } - ] - }, - "vendor_name" : "SAP" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SAP NetWeaver AS Java Web Container service does not validate against whitelist the HTTP host header which can result in HTTP Host Header Manipulation or Cross-Site Scripting (XSS) vulnerability. This is fixed in versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "cna@sap.com", + "ID": "CVE-2018-2504", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SAP NetWeaver AS Java (ServerCore)", + "version": { + "version_data": [ + { + "version_name": "=", + "version_value": "7.10" + }, + { + "version_name": "=", + "version_value": "7.11" + }, + { + "version_name": "=", + "version_value": "7.20" + }, + { + "version_name": "=", + "version_value": "7.30" + }, + { + "version_name": "=", + "version_value": "7.31" + }, + { + "version_name": "=", + "version_value": "7.40" + }, + { + "version_name": "=", + "version_value": "7.50" + } + ] + } + } + ] + }, + "vendor_name": "SAP" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://launchpad.support.sap.com/#/notes/2718993", - "refsource" : "MISC", - "url" : "https://launchpad.support.sap.com/#/notes/2718993" - }, - { - "name" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699", - "refsource" : "MISC", - "url" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699" - }, - { - "name" : "106150", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106150" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SAP NetWeaver AS Java Web Container service does not validate against whitelist the HTTP host header which can result in HTTP Host Header Manipulation or Cross-Site Scripting (XSS) vulnerability. This is fixed in versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699", + "refsource": "MISC", + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699" + }, + { + "name": "https://launchpad.support.sap.com/#/notes/2718993", + "refsource": "MISC", + "url": "https://launchpad.support.sap.com/#/notes/2718993" + }, + { + "name": "106150", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106150" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2583.json b/2018/2xxx/CVE-2018-2583.json index 8c219b72e8d..fd675b28059 100644 --- a/2018/2xxx/CVE-2018-2583.json +++ b/2018/2xxx/CVE-2018-2583.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2583", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "5.6.38 and prior" - }, - { - "version_affected" : "=", - "version_value" : "5.7.20 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Stored Procedure). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2583", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.6.38 and prior" + }, + { + "version_affected": "=", + "version_value": "5.7.20 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180117-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180117-0002/" - }, - { - "name" : "RHSA-2018:0586", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0586" - }, - { - "name" : "RHSA-2018:0587", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0587" - }, - { - "name" : "USN-3537-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3537-1/" - }, - { - "name" : "102708", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102708" - }, - { - "name" : "1040216", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040216" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Stored Procedure). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2018:0587", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0587" + }, + { + "name": "102708", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102708" + }, + { + "name": "USN-3537-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3537-1/" + }, + { + "name": "RHSA-2018:0586", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0586" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180117-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180117-0002/" + }, + { + "name": "1040216", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040216" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3158.json b/2018/3xxx/CVE-2018-3158.json index 03396d6f5a2..592d1b48897 100644 --- a/2018/3xxx/CVE-2018-3158.json +++ b/2018/3xxx/CVE-2018-3158.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3158", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Hospitality Cruise Fleet Management", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "9.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: Emergency Response System). The supported version that is affected is 9.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Cruise Fleet Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Fleet Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Fleet Management accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Cruise Fleet Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Fleet Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Fleet Management accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3158", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality Cruise Fleet Management", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "9.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "105626", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105626" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: Emergency Response System). The supported version that is affected is 9.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Cruise Fleet Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Fleet Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Fleet Management accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Cruise Fleet Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Fleet Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Fleet Management accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105626", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105626" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3204.json b/2018/3xxx/CVE-2018-3204.json index 4bbecb15125..fd75f958403 100644 --- a/2018/3xxx/CVE-2018-3204.json +++ b/2018/3xxx/CVE-2018-3204.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3204", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Business Intelligence Enterprise Edition", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "12.2.1.3.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Analytics Server). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3204", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Business Intelligence Enterprise Edition", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.2.1.3.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "105623", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105623" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Analytics Server). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105623", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105623" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3534.json b/2018/3xxx/CVE-2018-3534.json index 2add32fe32f..55f80968f74 100644 --- a/2018/3xxx/CVE-2018-3534.json +++ b/2018/3xxx/CVE-2018-3534.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3534", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3534", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3757.json b/2018/3xxx/CVE-2018-3757.json index fc49a1c984d..eb21f962d78 100644 --- a/2018/3xxx/CVE-2018-3757.json +++ b/2018/3xxx/CVE-2018-3757.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-05-31T00:00:00", - "ID" : "CVE-2018-3757", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Command injection exists in pdf-image v2.0.0 due to an unescaped string parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-05-31T00:00:00", + "ID": "CVE-2018-3757", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://hackerone.com/reports/340208", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/340208" - }, - { - "name" : "https://github.com/roest01/node-pdf-image/commit/54679496a89738443917608c2bbe2f6e5dd20e83", - "refsource" : "CONFIRM", - "url" : "https://github.com/roest01/node-pdf-image/commit/54679496a89738443917608c2bbe2f6e5dd20e83" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Command injection exists in pdf-image v2.0.0 due to an unescaped string parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://hackerone.com/reports/340208", + "refsource": "MISC", + "url": "https://hackerone.com/reports/340208" + }, + { + "name": "https://github.com/roest01/node-pdf-image/commit/54679496a89738443917608c2bbe2f6e5dd20e83", + "refsource": "CONFIRM", + "url": "https://github.com/roest01/node-pdf-image/commit/54679496a89738443917608c2bbe2f6e5dd20e83" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3881.json b/2018/3xxx/CVE-2018-3881.json index cf16b098349..f43192dc954 100644 --- a/2018/3xxx/CVE-2018-3881.json +++ b/2018/3xxx/CVE-2018-3881.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-07-20T00:00:00", - "ID" : "CVE-2018-3881", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Focalscope", - "version" : { - "version_data" : [ - { - "version_value" : "v2416" - } - ] - } - } - ] - }, - "vendor_name" : "FocalScope" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable unauthenticated XML external injection vulnerability was identified in FocalScope v2416. A unauthenticated attacker could submit a specially crafted web request to FocalScope's server that could cause an XXE, and potentially result in data compromise." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Restriction of XML External Entity Reference" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-07-20T00:00:00", + "ID": "CVE-2018-3881", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Focalscope", + "version": { + "version_data": [ + { + "version_value": "v2416" + } + ] + } + } + ] + }, + "vendor_name": "FocalScope" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0559", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0559" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable unauthenticated XML external injection vulnerability was identified in FocalScope v2416. A unauthenticated attacker could submit a specially crafted web request to FocalScope's server that could cause an XXE, and potentially result in data compromise." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Restriction of XML External Entity Reference" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0559", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0559" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6448.json b/2018/6xxx/CVE-2018-6448.json index 26b6d8f0907..40c532fb25f 100644 --- a/2018/6xxx/CVE-2018-6448.json +++ b/2018/6xxx/CVE-2018-6448.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6448", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6448", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7130.json b/2018/7xxx/CVE-2018-7130.json index 60883ee8781..524b11a9147 100644 --- a/2018/7xxx/CVE-2018-7130.json +++ b/2018/7xxx/CVE-2018-7130.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7130", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7130", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7709.json b/2018/7xxx/CVE-2018-7709.json index e035fda4b76..4f034ba3cb1 100644 --- a/2018/7xxx/CVE-2018-7709.json +++ b/2018/7xxx/CVE-2018-7709.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7709", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7709", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7942.json b/2018/7xxx/CVE-2018-7942.json index 6e867137652..7f753b540cf 100644 --- a/2018/7xxx/CVE-2018-7942.json +++ b/2018/7xxx/CVE-2018-7942.json @@ -1,119 +1,119 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2018-7942", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "1288H V5; 2288H V5; 2488 V5; CH121 V3; CH121L V3; CH121L V5; CH121 V5; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3", - "version" : { - "version_data" : [ - { - "version_value" : "1288H V5 V100R005C00" - }, - { - "version_value" : "2288H V5 V100R005C00" - }, - { - "version_value" : "2488 V5 V100R005C00" - }, - { - "version_value" : "CH121 V3 V100R001C00" - }, - { - "version_value" : "CH121L V3 V100R001C00" - }, - { - "version_value" : "CH121L V5 V100R001C00" - }, - { - "version_value" : "CH121 V5 V100R001C00" - }, - { - "version_value" : "CH140 V3 V100R001C00" - }, - { - "version_value" : "CH140L V3 V100R001C00" - }, - { - "version_value" : "CH220 V3 V100R001C00" - }, - { - "version_value" : "CH222 V3 V100R001C00" - }, - { - "version_value" : "CH242 V3 V100R001C00" - }, - { - "version_value" : "CH242 V5 V100R001C00" - }, - { - "version_value" : "RH1288 V3 V100R003C00" - }, - { - "version_value" : "RH2288 V3 V100R003C00" - }, - { - "version_value" : "RH2288H V3 V100R003C00" - }, - { - "version_value" : "XH310 V3 V100R003C00" - }, - { - "version_value" : "XH321 V3 V100R003C00" - }, - { - "version_value" : "XH321 V5 V100R005C00" - }, - { - "version_value" : "XH620 V3 V100R003C00" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have an authentication bypass vulnerability. An unauthenticated, remote attacker may send some specially crafted messages to the affected products. Due to improper authentication design, successful exploit may cause some information leak." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "authentication bypass" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2018-7942", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "1288H V5; 2288H V5; 2488 V5; CH121 V3; CH121L V3; CH121L V5; CH121 V5; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3", + "version": { + "version_data": [ + { + "version_value": "1288H V5 V100R005C00" + }, + { + "version_value": "2288H V5 V100R005C00" + }, + { + "version_value": "2488 V5 V100R005C00" + }, + { + "version_value": "CH121 V3 V100R001C00" + }, + { + "version_value": "CH121L V3 V100R001C00" + }, + { + "version_value": "CH121L V5 V100R001C00" + }, + { + "version_value": "CH121 V5 V100R001C00" + }, + { + "version_value": "CH140 V3 V100R001C00" + }, + { + "version_value": "CH140L V3 V100R001C00" + }, + { + "version_value": "CH220 V3 V100R001C00" + }, + { + "version_value": "CH222 V3 V100R001C00" + }, + { + "version_value": "CH242 V3 V100R001C00" + }, + { + "version_value": "CH242 V5 V100R001C00" + }, + { + "version_value": "RH1288 V3 V100R003C00" + }, + { + "version_value": "RH2288 V3 V100R003C00" + }, + { + "version_value": "RH2288H V3 V100R003C00" + }, + { + "version_value": "XH310 V3 V100R003C00" + }, + { + "version_value": "XH321 V3 V100R003C00" + }, + { + "version_value": "XH321 V5 V100R005C00" + }, + { + "version_value": "XH620 V3 V100R003C00" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-server-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-server-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have an authentication bypass vulnerability. An unauthenticated, remote attacker may send some specially crafted messages to the affected products. Due to improper authentication design, successful exploit may cause some information leak." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "authentication bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-server-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-server-en" + } + ] + } +} \ No newline at end of file