From 0c9b8baada8fffb5fc0f7f8d7dd2821a86c57b83 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Sun, 17 Mar 2019 23:51:38 +0000 Subject: [PATCH] "-Synchronized-Data." --- 1999/1xxx/CVE-1999-1048.json | 160 ++++++------ 1999/1xxx/CVE-1999-1142.json | 140 +++++----- 1999/1xxx/CVE-1999-1161.json | 160 ++++++------ 2000/0xxx/CVE-2000-0191.json | 140 +++++----- 2000/0xxx/CVE-2000-0939.json | 130 +++++----- 2000/1xxx/CVE-2000-1173.json | 130 +++++----- 2005/2xxx/CVE-2005-2052.json | 130 +++++----- 2005/2xxx/CVE-2005-2184.json | 130 +++++----- 2005/2xxx/CVE-2005-2549.json | 240 +++++++++--------- 2005/3xxx/CVE-2005-3005.json | 160 ++++++------ 2005/3xxx/CVE-2005-3604.json | 34 +-- 2005/3xxx/CVE-2005-3890.json | 170 ++++++------- 2005/3xxx/CVE-2005-3931.json | 180 ++++++------- 2005/4xxx/CVE-2005-4178.json | 200 +++++++-------- 2005/4xxx/CVE-2005-4603.json | 170 ++++++------- 2005/4xxx/CVE-2005-4848.json | 160 ++++++------ 2009/2xxx/CVE-2009-2104.json | 160 ++++++------ 2009/2xxx/CVE-2009-2189.json | 140 +++++----- 2009/2xxx/CVE-2009-2405.json | 260 +++++++++---------- 2009/2xxx/CVE-2009-2416.json | 470 +++++++++++++++++----------------- 2009/2xxx/CVE-2009-2525.json | 140 +++++----- 2009/2xxx/CVE-2009-2788.json | 130 +++++----- 2009/2xxx/CVE-2009-2830.json | 150 +++++------ 2009/3xxx/CVE-2009-3021.json | 160 ++++++------ 2009/3xxx/CVE-2009-3659.json | 130 +++++----- 2009/4xxx/CVE-2009-4002.json | 200 +++++++-------- 2009/4xxx/CVE-2009-4559.json | 140 +++++----- 2009/4xxx/CVE-2009-4939.json | 190 +++++++------- 2015/0xxx/CVE-2015-0480.json | 480 +++++++++++++++++------------------ 2015/0xxx/CVE-2015-0514.json | 180 ++++++------- 2015/0xxx/CVE-2015-0593.json | 150 +++++------ 2015/0xxx/CVE-2015-0608.json | 160 ++++++------ 2015/1xxx/CVE-2015-1466.json | 34 +-- 2015/1xxx/CVE-2015-1859.json | 210 +++++++-------- 2015/1xxx/CVE-2015-1869.json | 34 +-- 2015/4xxx/CVE-2015-4116.json | 160 ++++++------ 2015/4xxx/CVE-2015-4288.json | 120 ++++----- 2015/4xxx/CVE-2015-4382.json | 160 ++++++------ 2015/4xxx/CVE-2015-4501.json | 260 +++++++++---------- 
2015/4xxx/CVE-2015-4552.json | 140 +++++----- 2015/4xxx/CVE-2015-4703.json | 160 ++++++------ 2015/5xxx/CVE-2015-5362.json | 130 +++++----- 2015/5xxx/CVE-2015-5543.json | 34 +-- 2018/2xxx/CVE-2018-2336.json | 34 +-- 2018/2xxx/CVE-2018-2641.json | 356 +++++++++++++------------- 2018/2xxx/CVE-2018-2996.json | 182 ++++++------- 2018/3xxx/CVE-2018-3096.json | 142 +++++------ 2018/3xxx/CVE-2018-3436.json | 34 +-- 2018/3xxx/CVE-2018-3438.json | 34 +-- 2018/6xxx/CVE-2018-6331.json | 132 +++++----- 2018/6xxx/CVE-2018-6351.json | 34 +-- 2018/6xxx/CVE-2018-6369.json | 34 +-- 2018/6xxx/CVE-2018-6397.json | 120 ++++----- 2018/7xxx/CVE-2018-7104.json | 120 ++++----- 2018/7xxx/CVE-2018-7162.json | 138 +++++----- 2018/7xxx/CVE-2018-7219.json | 120 ++++----- 2018/7xxx/CVE-2018-7589.json | 130 +++++----- 2018/7xxx/CVE-2018-7828.json | 34 +-- 2018/7xxx/CVE-2018-7879.json | 34 +-- 59 files changed, 4397 insertions(+), 4397 deletions(-) diff --git a/1999/1xxx/CVE-1999-1048.json b/1999/1xxx/CVE-1999-1048.json index b6370714381..4f0a846ed48 100644 --- a/1999/1xxx/CVE-1999-1048.json +++ b/1999/1xxx/CVE-1999-1048.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1048", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in bash 2.0.0, 1.4.17, and other versions allows local attackers to gain privileges by creating an extremely large directory name, which is inserted into the password prompt via the \\w option in the PS1 environmental variable when another user changes into that directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1048", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19980905 BASH buffer overflow, LiNUX x86 exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/10542" - }, - { - "name" : "19970821 Buffer overflow in /bin/bash", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=87602746719555&w=2" - }, - { - "name" : "19980909 problem with very long pathnames", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/1998/19980909" - }, - { - "name" : "linux-bash-bo(3414)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/3414" - }, - { - "name" : "8345", - "refsource" : "OSVDB", - "url" : 
"http://www.osvdb.org/8345" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in bash 2.0.0, 1.4.17, and other versions allows local attackers to gain privileges by creating an extremely large directory name, which is inserted into the password prompt via the \\w option in the PS1 environmental variable when another user changes into that directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8345", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/8345" + }, + { + "name": "linux-bash-bo(3414)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/3414" + }, + { + "name": "19970821 Buffer overflow in /bin/bash", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=87602746719555&w=2" + }, + { + "name": "19980909 problem with very long pathnames", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/1998/19980909" + }, + { + "name": "19980905 BASH buffer overflow, LiNUX x86 exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/10542" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1142.json b/1999/1xxx/CVE-1999-1142.json index 685f9f8b8c5..6ad445d1682 100644 --- a/1999/1xxx/CVE-1999-1142.json +++ b/1999/1xxx/CVE-1999-1142.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1142", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SunOS 4.1.2 and earlier allows local users to gain privileges via \"LD_*\" environmental variables to certain dynamically linked setuid or setgid programs such as (1) login, (2) su, or (3) sendmail, that change the real and effective user ids to the same user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1142", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "CA-1992-11", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-1992-11.html" - }, - { - "name" : "00116", - "refsource" : "SUN", - "url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/116" - }, - { - "name" : "sun-env(3152)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/3152" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SunOS 4.1.2 and earlier allows local users to gain privileges via \"LD_*\" environmental variables to certain dynamically linked 
setuid or setgid programs such as (1) login, (2) su, or (3) sendmail, that change the real and effective user ids to the same user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "CA-1992-11", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-1992-11.html" + }, + { + "name": "sun-env(3152)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/3152" + }, + { + "name": "00116", + "refsource": "SUN", + "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/116" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1161.json b/1999/1xxx/CVE-1999-1161.json index be5099d484e..72bd66d5f0f 100644 --- a/1999/1xxx/CVE-1999-1161.json +++ b/1999/1xxx/CVE-1999-1161.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1161", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in ppl in HP-UX 10.x and earlier allows local users to gain root privileges by forcing ppl to core dump." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1161", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19961103 Re: Untitled", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=87602167420102&w=2" - }, - { - "name" : "19961104 ppl bugs", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=87602167420103&w=2" - }, - { - "name" : "HPSBUX9704-057", - "refsource" : "HP", - "url" : "http://www.codetalker.com/advisories/vendor/hp/hpsbux9704-057.html" - }, - { - "name" : "H-32", - "refsource" : "CIAC", - "url" : "http://ciac.llnl.gov/ciac/bulletins/h-32.shtml" - }, - { - "name" : "hp-ppl(7438)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7438.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in ppl in 
HP-UX 10.x and earlier allows local users to gain root privileges by forcing ppl to core dump." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBUX9704-057", + "refsource": "HP", + "url": "http://www.codetalker.com/advisories/vendor/hp/hpsbux9704-057.html" + }, + { + "name": "hp-ppl(7438)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7438.php" + }, + { + "name": "19961104 ppl bugs", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=87602167420103&w=2" + }, + { + "name": "H-32", + "refsource": "CIAC", + "url": "http://ciac.llnl.gov/ciac/bulletins/h-32.shtml" + }, + { + "name": "19961103 Re: Untitled", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=87602167420102&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0191.json b/2000/0xxx/CVE-2000-0191.json index 048872103be..1585a43c187 100644 --- a/2000/0xxx/CVE-2000-0191.json +++ b/2000/0xxx/CVE-2000-0191.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0191", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Axis StorPoint CD allows remote attackers to access administrator URLs without authentication via a .. (dot dot) attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0191", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000229 Infosec.20000229.axisstorpointcd.a", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/templates/archive.pike?list=1&msg=41256894.00492503.00@mailgw.backupcentralen.se" - }, - { - "name" : "1025", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1025" - }, - { - "name" : "19", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/19" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Axis StorPoint CD allows remote attackers to access administrator URLs without authentication via a .. (dot dot) attack." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/19" + }, + { + "name": "1025", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1025" + }, + { + "name": "20000229 Infosec.20000229.axisstorpointcd.a", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/templates/archive.pike?list=1&msg=41256894.00492503.00@mailgw.backupcentralen.se" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0939.json b/2000/0xxx/CVE-2000-0939.json index 64be5bede6d..089b5adf94c 100644 --- a/2000/0xxx/CVE-2000-0939.json +++ b/2000/0xxx/CVE-2000-0939.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0939", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows remote attackers to cause a denial of service by repeatedly submitting a nonstandard URL in the GET HTTP request and forcing it to restart." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0939", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001030 Samba 2.0.7 SWAT vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-10/0430.html" - }, - { - "name" : "samba-swat-url-filename-dos(5444)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5444" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows remote attackers to cause a denial of service by repeatedly submitting a nonstandard URL in the GET HTTP request and forcing it to restart." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20001030 Samba 2.0.7 SWAT vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0430.html" + }, + { + "name": "samba-swat-url-filename-dos(5444)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5444" + } + ] + } +} \ No newline at end of file diff --git a/2000/1xxx/CVE-2000-1173.json b/2000/1xxx/CVE-2000-1173.json index 636f9834cbb..48f38c92bbc 100644 --- a/2000/1xxx/CVE-2000-1173.json +++ b/2000/1xxx/CVE-2000-1173.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-1173", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsys CyberPatrol uses weak encryption (trivial encoding) for credit card numbers and uses no encryption for the remainder of the information during registration, which could allow attackers to sniff network traffic and obtain this sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-1173", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001122 CyberPatrol - poor credit card protection", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-11/0323.html" - }, - { - "name" : "1977", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1977" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsys CyberPatrol uses weak encryption (trivial encoding) for credit card numbers and uses no encryption for the remainder of the information during registration, which could allow attackers to sniff network traffic and obtain this 
sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1977", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1977" + }, + { + "name": "20001122 CyberPatrol - poor credit card protection", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-11/0323.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2052.json b/2005/2xxx/CVE-2005-2052.json index d332c59e20a..6ac96645a7e 100644 --- a/2005/2xxx/CVE-2005-2052.json +++ b/2005/2xxx/CVE-2005-2052.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2052", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in vidplin.dll in RealPlayer 10 and 10.5 (6.0.12.1040 through 1069), RealOne Player v1 and v2, RealPlayer 8 and RealPlayer Enterprise allows remote attackers to execute arbitrary code via an .avi file with a modified strf structure value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2052", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050623 eEye Advisory - EEYEB-200505 - RealPlayer AVI Processing Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111955853611840&w=2" - }, - { - "name" : "http://service.real.com/help/faq/security/050623_player/EN/", - "refsource" : "CONFIRM", - "url" : "http://service.real.com/help/faq/security/050623_player/EN/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in vidplin.dll in RealPlayer 10 and 10.5 (6.0.12.1040 through 1069), RealOne Player v1 and v2, RealPlayer 8 and 
RealPlayer Enterprise allows remote attackers to execute arbitrary code via an .avi file with a modified strf structure value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050623 eEye Advisory - EEYEB-200505 - RealPlayer AVI Processing Overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111955853611840&w=2" + }, + { + "name": "http://service.real.com/help/faq/security/050623_player/EN/", + "refsource": "CONFIRM", + "url": "http://service.real.com/help/faq/security/050623_player/EN/" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2184.json b/2005/2xxx/CVE-2005-2184.json index 11ab11620a7..b8155d01dfd 100644 --- a/2005/2xxx/CVE-2005-2184.json +++ b/2005/2xxx/CVE-2005-2184.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2184", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "eRoom 6.x does not properly restrict files that can be attached, which allows remote attackers to execute arbitrary commands via a .lnk file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2184", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050706 eRoom Multiple Security Issues", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112069267700034&w=2" - }, - { - "name" : "15940", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15940" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "eRoom 6.x does not properly restrict files that can be attached, which allows remote attackers to execute arbitrary commands via a .lnk file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15940", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15940" + }, + { + "name": "20050706 eRoom Multiple Security Issues", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112069267700034&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2549.json b/2005/2xxx/CVE-2005-2549.json index 114881508c0..9a77fae8f27 100644 --- a/2005/2xxx/CVE-2005-2549.json +++ b/2005/2xxx/CVE-2005-2549.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2549", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) full vCard data, (2) contact data from remote LDAP servers, or (3) task list data from remote servers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-2549", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050810 Evolution multiple remote format string bugs", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/407789" - }, - { - "name" : "20050810 Evolution multiple remote format string bugs", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=112368237712032&w=2" - }, - { - "name" : "http://www.sitic.se/eng/advisories_and_recommendations/sa05-001.html", - "refsource" : "MISC", - "url" : "http://www.sitic.se/eng/advisories_and_recommendations/sa05-001.html" - }, - { - "name" : "DSA-1016", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1016" - }, - { - 
"name" : "FEDORA-2005-743", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2005-August/msg00031.html" - }, - { - "name" : "MDKSA-2005:141", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:141" - }, - { - "name" : "RHSA-2005:267", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-267.html" - }, - { - "name" : "SUSE-SA:2005:054", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_54_evolution.html" - }, - { - "name" : "USN-166-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/166-1/" - }, - { - "name" : "14532", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14532" - }, - { - "name" : "oval:org.mitre.oval:def:9553", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9553" - }, - { - "name" : "16394", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16394" - }, - { - "name" : "19380", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19380" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) full vCard data, (2) contact data from remote LDAP servers, or (3) task list data from remote servers." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SA:2005:054", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_54_evolution.html" + }, + { + "name": "14532", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14532" + }, + { + "name": "RHSA-2005:267", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-267.html" + }, + { + "name": "19380", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19380" + }, + { + "name": "DSA-1016", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1016" + }, + { + "name": "FEDORA-2005-743", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2005-August/msg00031.html" + }, + { + "name": "MDKSA-2005:141", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:141" + }, + { + "name": "16394", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16394" + }, + { + "name": "oval:org.mitre.oval:def:9553", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9553" + }, + { + "name": "http://www.sitic.se/eng/advisories_and_recommendations/sa05-001.html", + "refsource": "MISC", + "url": "http://www.sitic.se/eng/advisories_and_recommendations/sa05-001.html" + }, + { + "name": "20050810 Evolution multiple remote format string bugs", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/407789" + }, + { + "name": "20050810 Evolution multiple remote format string bugs", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=112368237712032&w=2" + }, + { + "name": "USN-166-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/166-1/" + } + ] + } +} \ No newline at end of file 
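Review bot: The `ASSIGNER` value for CVE-2005-2549 changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, but the commit subject says only "-Synchronized-Data." and the other hunks visible here keep `cve@mitre.org`, changing only key spacing and reference order. The assigner is provenance metadata that downstream consumers may filter or attribute on, so the change should either go in its own commit or be named in the message together with the record ID and the reason. The `reference_data` entries are also reordered in this hunk, which buries the one semantic edit among roughly 240 changed lines; emitting references in a stable order (for example sorted by `refsource`, then `name`) would keep later syncs reviewable.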
diff --git a/2005/3xxx/CVE-2005-3005.json b/2005/3xxx/CVE-2005-3005.json index 5b8a6b98229..5e9513440dd 100644 --- a/2005/3xxx/CVE-2005-3005.json +++ b/2005/3xxx/CVE-2005-3005.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3005", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Helpdesk Software Hesk allows remote attackers to bypass authentication for (1) admin.php and (2) admin_main.php by modifying the PHPSESSID session ID parameter or cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3005", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.phpjunkyard.com/extras/hesk_0931_patch.zip", - "refsource" : "CONFIRM", - "url" : "http://www.phpjunkyard.com/extras/hesk_0931_patch.zip" - }, - { - "name" : "20050920 Hesk Session ID Validation Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112724743530521&w=2" - }, - { - "name" : "14879", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14879" - }, - { - "name" : "ADV-2005-1792", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/1792" - }, - { - "name" : "16859", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16859" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": 
{ + "description_data": [ + { + "lang": "eng", + "value": "Helpdesk Software Hesk allows remote attackers to bypass authentication for (1) admin.php and (2) admin_main.php by modifying the PHPSESSID session ID parameter or cookie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2005-1792", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/1792" + }, + { + "name": "20050920 Hesk Session ID Validation Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112724743530521&w=2" + }, + { + "name": "14879", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14879" + }, + { + "name": "16859", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16859" + }, + { + "name": "http://www.phpjunkyard.com/extras/hesk_0931_patch.zip", + "refsource": "CONFIRM", + "url": "http://www.phpjunkyard.com/extras/hesk_0931_patch.zip" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3604.json b/2005/3xxx/CVE-2005-3604.json index 66f8b0503c9..54918dc0c66 100644 --- a/2005/3xxx/CVE-2005-3604.json +++ b/2005/3xxx/CVE-2005-3604.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3604", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3604", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3890.json b/2005/3xxx/CVE-2005-3890.json index 47293c0c049..143e0091df3 100644 --- a/2005/3xxx/CVE-2005-3890.json +++ b/2005/3xxx/CVE-2005-3890.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3890", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Gadu-Gadu 7.20 allows remote attackers to cause a denial of service (crash and configuration loss) via a page with a large number of gg: URIs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3890", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051121 Gadu-Gadu several vulnerabilities (version <= 7.20)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=113261573023912&w=2" - }, - { - "name" : "20051121 Gadu-Gadu several vulnerabilities (version <= 7.20)", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0658.html" - }, - { - "name" : "15520", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15520/" - }, - { - "name" : "21019", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21019" - }, - { - "name" : "17597", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17597/" - }, - { - "name" : "gadu-gadu-gg-uri-dos(23153)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/23153" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Gadu-Gadu 7.20 allows remote attackers to cause a denial of service (crash and configuration loss) via a page with a large number of gg: URIs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15520", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15520/" + }, + { + "name": "21019", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21019" + }, + { + "name": "20051121 Gadu-Gadu several vulnerabilities (version <= 7.20)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=113261573023912&w=2" + }, + { + "name": "gadu-gadu-gg-uri-dos(23153)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23153" + }, + { + "name": "17597", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17597/" + }, + { + "name": "20051121 Gadu-Gadu several vulnerabilities (version <= 7.20)", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0658.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3931.json b/2005/3xxx/CVE-2005-3931.json index c75c776c9d6..cd9bbddb243 100644 --- a/2005/3xxx/CVE-2005-3931.json +++ b/2005/3xxx/CVE-2005-3931.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3931", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in default.asp in ASP-Rider 1.6 allows remote attackers to execute arbitrary SQL commands via the HTTP referer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3931", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051129 ASP-Rider Default.asp SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/418088/100/0/threaded" - }, - { - "name" : "15617", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15617" - }, - { - "name" : "ADV-2005-2663", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2663" - }, - { - "name" : "21248", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21248" - }, - { - "name" : "17792", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17792" - }, - { - "name" : "218", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/218" - }, - { - "name" : "asp-rider-default-sql-injection(23300)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/23300" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in default.asp in ASP-Rider 1.6 allows remote attackers to execute arbitrary SQL commands via the HTTP referer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17792", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17792" + }, + { + "name": "218", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/218" + }, + { + "name": "20051129 ASP-Rider Default.asp SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/418088/100/0/threaded" + }, + { + "name": "asp-rider-default-sql-injection(23300)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23300" + }, + { + "name": "15617", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15617" + }, + { + "name": "ADV-2005-2663", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2663" + }, + { + "name": "21248", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21248" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4178.json b/2005/4xxx/CVE-2005-4178.json index 2b7fecd02a5..e827ebae510 100644 --- a/2005/4xxx/CVE-2005-4178.json +++ b/2005/4xxx/CVE-2005-4178.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4178", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Dropbear server before 0.47 allows authenticated users to execute arbitrary code via unspecified inputs that cause insufficient memory to be allocated due to an incorrect expression that does not enforce the proper order of operations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2005-4178", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[dropbear] 20051211 Dropbear 0.47 (and security fix)", - "refsource" : "MLIST", - "url" : "http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2005q4/000312.html" - }, - { - "name" : "http://matt.ucc.asn.au/dropbear/dropbear.html", - "refsource" : "MISC", - "url" : "http://matt.ucc.asn.au/dropbear/dropbear.html" - }, - { - "name" : "DSA-923", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-923" - }, - { - "name" : "GLSA-200512-13", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200512-13.xml" - }, - { - "name" : "15923", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15923/" - 
}, - { - "name" : "ADV-2005-2962", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2962" - }, - { - "name" : "18108", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18108" - }, - { - "name" : "18109", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18109" - }, - { - "name" : "18142", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18142" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Dropbear server before 0.47 allows authenticated users to execute arbitrary code via unspecified inputs that cause insufficient memory to be allocated due to an incorrect expression that does not enforce the proper order of operations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18142", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18142" + }, + { + "name": "15923", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15923/" + }, + { + "name": "[dropbear] 20051211 Dropbear 0.47 (and security fix)", + "refsource": "MLIST", + "url": "http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2005q4/000312.html" + }, + { + "name": "18109", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18109" + }, + { + "name": "GLSA-200512-13", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-13.xml" + }, + { + "name": "DSA-923", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-923" + }, + { + "name": "18108", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18108" + }, + { + "name": "http://matt.ucc.asn.au/dropbear/dropbear.html", + "refsource": "MISC", + "url": 
"http://matt.ucc.asn.au/dropbear/dropbear.html" + }, + { + "name": "ADV-2005-2962", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2962" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4603.json b/2005/4xxx/CVE-2005-4603.json index 4bba289747b..dd0d92bc798 100644 --- a/2005/4xxx/CVE-2005-4603.json +++ b/2005/4xxx/CVE-2005-4603.json 
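Review bot: In the CVE-2005-4178.json hunk the `ASSIGNER` value changes from `cve@mitre.org` to `security@debian.org`, and the commit subject ("-Synchronized-Data.") does not mention it; every other changed line in the hunk differs only in key spacing, indentation or `reference_data` order. The same kind of change appears in the CVE-2009-2405.json hunk (`cve@mitre.org` to `secalert@redhat.com`), which continues past the visible part of the diff. Consumers may rely on `ASSIGNER` to attribute a record to its CNA, so the reassignment should land in a commit of its own or be named in the message, for example `Update ASSIGNER for CVE-2005-4178 and CVE-2009-2405`. The shuffled reference order and the dropped final newline (`\ No newline at end of file` on the new side) add noise that makes a change like this easy to miss when auditing the feed.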
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4603", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in printthread.php in MyBB 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a thread message, which is not properly sanitized in the print view of the thread." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4603", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051231 MyBB XSS cross-site scripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/420569/100/0/threaded" - }, - { - "name" : "16096", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16096" - }, - { - "name" : "ADV-2006-0012", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0012" - }, - { - "name" : "21601", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21601" - }, - { - "name" : "18281", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18281" - }, - { - "name" : "310", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/310" - } - ] - } -} + 
} + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in printthread.php in MyBB 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a thread message, which is not properly sanitized in the print view of the thread." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0012", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0012" + }, + { + "name": "20051231 MyBB XSS cross-site scripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/420569/100/0/threaded" + }, + { + "name": "18281", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18281" + }, + { + "name": "310", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/310" + }, + { + "name": "21601", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21601" + }, + { + "name": "16096", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16096" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4848.json b/2005/4xxx/CVE-2005-4848.json index 26f3bb57eb0..8e8c351e553 100644 --- a/2005/4xxx/CVE-2005-4848.json +++ b/2005/4xxx/CVE-2005-4848.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4848", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the decompression algorithm in Research in Motion BlackBerry Enterprise Server 4.0 SP1 and earlier before 20050607 might allow remote attackers to execute arbitrary code via certain data packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4848", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog2.lemondeinformatique.fr/management_du_si/2006/05/notre_ami_imad_.html", - "refsource" : "MISC", - "url" : "http://blog2.lemondeinformatique.fr/management_du_si/2006/05/notre_ami_imad_.html" - }, - { - "name" : "http://www.lemonde.fr/web/article/0,1-0@2-3208,36-777732,0.html", - "refsource" : "MISC", - "url" : "http://www.lemonde.fr/web/article/0,1-0@2-3208,36-777732,0.html" - }, - { - "name" : "http://www.blackberry.com/btsc/articles/669/KB04075_f.SAL_Public.html", - "refsource" : "CONFIRM", - "url" : "http://www.blackberry.com/btsc/articles/669/KB04075_f.SAL_Public.html" - }, - { - "name" : "ADV-2007-2419", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2007/2419" - }, - { - "name" : "blackberry-decompression-bo(35241)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35241" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the decompression algorithm in Research in Motion BlackBerry Enterprise Server 4.0 SP1 and earlier before 20050607 might allow remote attackers to execute arbitrary code via certain data packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.blackberry.com/btsc/articles/669/KB04075_f.SAL_Public.html", + "refsource": "CONFIRM", + "url": "http://www.blackberry.com/btsc/articles/669/KB04075_f.SAL_Public.html" + }, + { + "name": "blackberry-decompression-bo(35241)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35241" + }, + { + "name": "ADV-2007-2419", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2419" + }, + { + "name": "http://blog2.lemondeinformatique.fr/management_du_si/2006/05/notre_ami_imad_.html", + "refsource": "MISC", + "url": "http://blog2.lemondeinformatique.fr/management_du_si/2006/05/notre_ami_imad_.html" + }, + { + "name": "http://www.lemonde.fr/web/article/0,1-0@2-3208,36-777732,0.html", + "refsource": "MISC", + "url": "http://www.lemonde.fr/web/article/0,1-0@2-3208,36-777732,0.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2104.json b/2009/2xxx/CVE-2009-2104.json index 36f1b73e3e8..9e04e95b054 100644 --- a/2009/2xxx/CVE-2009-2104.json +++ b/2009/2xxx/CVE-2009-2104.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2104", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Modern Guestbook / Commenting System (ve_guestbook) extension 2.7.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2104", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/extensions/repository/view/ve_guestbook/2.7.2/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/extensions/repository/view/ve_guestbook/2.7.2/" - }, - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-009/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-009/" - }, - { - "name" : "35397", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35397" - }, - { - "name" : "55122", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55122" - }, - { - "name" : "35483", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35483" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Modern Guestbook / Commenting System (ve_guestbook) extension 2.7.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-009/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-009/" + }, + { + "name": "55122", + "refsource": "OSVDB", + "url": "http://osvdb.org/55122" + }, + { + "name": "http://typo3.org/extensions/repository/view/ve_guestbook/2.7.2/", + "refsource": "CONFIRM", + "url": "http://typo3.org/extensions/repository/view/ve_guestbook/2.7.2/" + }, + { + "name": "35397", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35397" + }, + { + "name": "35483", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35483" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2189.json b/2009/2xxx/CVE-2009-2189.json index 4b2afa7ff70..0a9bf0dbb17 100644 --- a/2009/2xxx/CVE-2009-2189.json +++ b/2009/2xxx/CVE-2009-2189.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2189", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ICMPv6 implementation on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 does not limit the rate of (1) Router Advertisement and (2) Neighbor Discovery packets, which allows remote attackers to cause a denial of service (resource consumption and device restart) by sending many packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2189", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4298", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4298" - }, - { - "name" : "APPLE-SA-2010-12-16-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html" - }, - { - "name" : "1024907", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024907" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ICMPv6 
implementation on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 does not limit the rate of (1) Router Advertisement and (2) Neighbor Discovery packets, which allows remote attackers to cause a denial of service (resource consumption and device restart) by sending many packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2010-12-16-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html" + }, + { + "name": "http://support.apple.com/kb/HT4298", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4298" + }, + { + "name": "1024907", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024907" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2405.json b/2009/2xxx/CVE-2009-2405.json index 96b83d76ea7..3503ed70d16 100644 --- a/2009/2xxx/CVE-2009-2405.json +++ b/2009/2xxx/CVE-2009-2405.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2405", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Web Console in the Application Server in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2.0 before 4.2.0.CP08, 4.2.2GA, 4.3 before 4.3.0.CP07, and 5.1.0GA allow remote attackers to inject arbitrary web script or HTML via the (1) monitorName, (2) objectName, (3) attribute, or (4) period parameter to createSnapshot.jsp, or the (5) monitorName, (6) objectName, (7) attribute, (8) threshold, (9) period, or (10) enabled parameter to createThresholdMonitor.jsp. NOTE: some of these details are obtained from third party information." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-2405", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jira.jboss.org/jira/browse/JBAS-7105", - "refsource" : "MISC", - "url" : "https://jira.jboss.org/jira/browse/JBAS-7105" - }, - { - "name" : "https://jira.jboss.org/jira/browse/JBPAPP-2274", - "refsource" : "MISC", - "url" : "https://jira.jboss.org/jira/browse/JBPAPP-2274" - }, - { - "name" : "https://jira.jboss.org/jira/browse/JBPAPP-2284", - "refsource" : "MISC", - "url" : "https://jira.jboss.org/jira/browse/JBPAPP-2284" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=510023", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=510023" - }, - { - "name" : "RHSA-2009:1636", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1636.html" - }, - { - "name" : "RHSA-2009:1637", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1637.html" - }, - { - "name" : "RHSA-2009:1649", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1649.html" - }, - { - "name" : "RHSA-2009:1650", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1650.html" - }, - { - "name" : "37276", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37276" - }, - { - "name" : "60898", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/60898" - }, - { - "name" : "60899", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/60899" - }, - { - "name" : "1023315", - "refsource" : "SECTRACK", - "url" : 
"http://securitytracker.com/id?1023315" - }, - { - "name" : "35680", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35680" - }, - { - "name" : "37671", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37671" - }, - { - "name" : "jboss-createsnapshot-xss(54700)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54700" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Web Console in the Application Server in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2.0 before 4.2.0.CP08, 4.2.2GA, 4.3 before 4.3.0.CP07, and 5.1.0GA allow remote attackers to inject arbitrary web script or HTML via the (1) monitorName, (2) objectName, (3) attribute, or (4) period parameter to createSnapshot.jsp, or the (5) monitorName, (6) objectName, (7) attribute, (8) threshold, (9) period, or (10) enabled parameter to createThresholdMonitor.jsp. NOTE: some of these details are obtained from third party information." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jira.jboss.org/jira/browse/JBAS-7105", + "refsource": "MISC", + "url": "https://jira.jboss.org/jira/browse/JBAS-7105" + }, + { + "name": "37276", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37276" + }, + { + "name": "1023315", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023315" + }, + { + "name": "60899", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/60899" + }, + { + "name": "RHSA-2009:1637", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1637.html" + }, + { + "name": "https://jira.jboss.org/jira/browse/JBPAPP-2284", + "refsource": "MISC", + "url": "https://jira.jboss.org/jira/browse/JBPAPP-2284" + }, + { + "name": "37671", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37671" + }, + { + "name": "RHSA-2009:1636", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1636.html" + }, + { + "name": "RHSA-2009:1649", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1649.html" + }, + { + "name": "60898", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/60898" + }, + { + "name": "jboss-createsnapshot-xss(54700)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54700" + }, + { + "name": "https://jira.jboss.org/jira/browse/JBPAPP-2274", + "refsource": "MISC", + "url": "https://jira.jboss.org/jira/browse/JBPAPP-2274" + }, + { + "name": "35680", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35680" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=510023", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=510023" + }, + { + "name": "RHSA-2009:1650", + "refsource": "REDHAT", + "url": 
"https://rhn.redhat.com/errata/RHSA-2009-1650.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2416.json b/2009/2xxx/CVE-2009-2416.json index ae8cd6f9752..41e299a1bb0 100644 --- a/2009/2xxx/CVE-2009-2416.json +++ b/2009/2xxx/CVE-2009-2416.json 
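Review bot: The only substantive change in this hunk, `"ASSIGNER"` moving from `cve@mitre.org` to `secalert@redhat.com`, is buried under a whitespace rewrite of every line (`" : "` to `": "`) and a reshuffle of the `reference_data` array; the hunks for CVE-2009-2416 (also `secalert@redhat.com`) and CVE-2009-2525 (`secure@microsoft.com`) have the same shape. The commit subject "-Synchronized-Data." does not mention the attribution change, so anyone who keys on the assigner or diffs the feed to spot record changes may not be able to tell it from formatting noise. Emitting `reference_data` in a stable order (for example sorted by `refsource`, then `name`) and landing the formatting change on its own would keep these diffs reviewable. Every file in this range also now ends with `\ No newline at end of file`; writing a newline after the closing `}` avoids a spurious last-line change on the next sync.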
@@ -1,237 +1,237 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2416", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-2416", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507985/100/0/threaded" - }, - { - "name" : "[debian-bugs-dist] 20090810 Bug#540865: libxml2: CVE-2009-2414, CVE-2009-2416 pointer-user-after-free and stack overflow because of function recursion", - "refsource" : "MLIST", - "url" : "http://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg678527.html" - }, - { - "name" : 
"http://www.cert.fi/en/reports/2009/vulnerability2009085.html", - "refsource" : "MISC", - "url" : "http://www.cert.fi/en/reports/2009/vulnerability2009085.html" - }, - { - "name" : "http://www.codenomicon.com/labs/xml/", - "refsource" : "MISC", - "url" : "http://www.codenomicon.com/labs/xml/" - }, - { - "name" : "http://www.networkworld.com/columnists/2009/080509-xml-flaw.html", - "refsource" : "MISC", - "url" : "http://www.networkworld.com/columnists/2009/080509-xml-flaw.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=515205", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=515205" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html" - }, - { - "name" : "http://support.apple.com/kb/HT3937", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3937" - }, - { - "name" : "http://support.apple.com/kb/HT3949", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3949" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" - }, - { - "name" : "http://support.apple.com/kb/HT4225", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4225" - }, - { - "name" : "http://www.openoffice.org/security/cves/CVE-2009-2414-2416.html", - "refsource" : "CONFIRM", - "url" : "http://www.openoffice.org/security/cves/CVE-2009-2414-2416.html" - }, - { - "name" : "https://git.gnome.org/browse/libxml2/commit/?id=489f9671e71cc44a97b23111b3126ac8a1e21a59", - "refsource" : "CONFIRM", - "url" : "https://git.gnome.org/browse/libxml2/commit/?id=489f9671e71cc44a97b23111b3126ac8a1e21a59" - }, - { - "name" : "APPLE-SA-2009-11-09-1", - "refsource" : "APPLE", - "url" : 
"http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html" - }, - { - "name" : "APPLE-SA-2009-11-11-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html" - }, - { - "name" : "APPLE-SA-2010-06-21-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html" - }, - { - "name" : "DSA-1859", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1859" - }, - { - "name" : "FEDORA-2009-8491", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00537.html" - }, - { - "name" : "FEDORA-2009-8498", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00547.html" - }, - { - "name" : "FEDORA-2009-8580", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00642.html" - }, - { - "name" : "SUSE-SR:2009:015", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html" - }, - { - "name" : "USN-815-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-815-1" - }, - { - "name" : "36010", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36010" - }, - { - "name" : "oval:org.mitre.oval:def:7783", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7783" - }, - { - "name" : "oval:org.mitre.oval:def:9262", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9262" - }, - { - "name" : "36338", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36338" - }, - { - "name" : "36207", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36207" - }, - { - "name" : "36417", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/36417" - }, - { - "name" : "37471", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37471" - }, - { - "name" : "37346", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37346" - }, - { - "name" : "35036", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35036" - }, - { - "name" : "36631", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36631" - }, - { - "name" : "ADV-2009-2420", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2420" - }, - { - "name" : "ADV-2009-3184", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3184" - }, - { - "name" : "ADV-2009-3316", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3316" - }, - { - "name" : "ADV-2009-3217", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3217" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-815-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-815-1" + }, + { + "name": "FEDORA-2009-8491", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00537.html" + }, + { + "name": "36631", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36631" + }, + { + "name": "oval:org.mitre.oval:def:9262", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9262" + }, + { + "name": "http://www.networkworld.com/columnists/2009/080509-xml-flaw.html", + "refsource": "MISC", + "url": "http://www.networkworld.com/columnists/2009/080509-xml-flaw.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=515205", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=515205" + }, + { + "name": "http://www.openoffice.org/security/cves/CVE-2009-2414-2416.html", + "refsource": "CONFIRM", + "url": "http://www.openoffice.org/security/cves/CVE-2009-2414-2416.html" + }, + { + "name": "APPLE-SA-2009-11-11-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html" + }, + { + "name": "ADV-2009-3217", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3217" + }, + { + "name": "37471", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37471" + }, + { + "name": "http://support.apple.com/kb/HT4225", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4225" + }, + { + "name": "ADV-2009-2420", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2420" + }, + { + "name": "FEDORA-2009-8580", + "refsource": "FEDORA", + "url": 
"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00642.html" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" + }, + { + "name": "36417", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36417" + }, + { + "name": "http://www.cert.fi/en/reports/2009/vulnerability2009085.html", + "refsource": "MISC", + "url": "http://www.cert.fi/en/reports/2009/vulnerability2009085.html" + }, + { + "name": "http://www.codenomicon.com/labs/xml/", + "refsource": "MISC", + "url": "http://www.codenomicon.com/labs/xml/" + }, + { + "name": "SUSE-SR:2009:015", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html" + }, + { + "name": "http://support.apple.com/kb/HT3949", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3949" + }, + { + "name": "[debian-bugs-dist] 20090810 Bug#540865: libxml2: CVE-2009-2414, CVE-2009-2416 pointer-user-after-free and stack overflow because of function recursion", + "refsource": "MLIST", + "url": "http://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg678527.html" + }, + { + "name": "36010", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36010" + }, + { + "name": "http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html" + }, + { + "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" + }, + { + "name": "https://git.gnome.org/browse/libxml2/commit/?id=489f9671e71cc44a97b23111b3126ac8a1e21a59", + "refsource": "CONFIRM", + "url": 
"https://git.gnome.org/browse/libxml2/commit/?id=489f9671e71cc44a97b23111b3126ac8a1e21a59" + }, + { + "name": "35036", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35036" + }, + { + "name": "36338", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36338" + }, + { + "name": "FEDORA-2009-8498", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00547.html" + }, + { + "name": "oval:org.mitre.oval:def:7783", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7783" + }, + { + "name": "ADV-2009-3184", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3184" + }, + { + "name": "DSA-1859", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1859" + }, + { + "name": "APPLE-SA-2009-11-09-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html" + }, + { + "name": "APPLE-SA-2010-06-21-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html" + }, + { + "name": "37346", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37346" + }, + { + "name": "ADV-2009-3316", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3316" + }, + { + "name": "http://support.apple.com/kb/HT3937", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3937" + }, + { + "name": "36207", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36207" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2525.json b/2009/2xxx/CVE-2009-2525.json index 3ee7434e9e4..633fd2c794c 100644 --- a/2009/2xxx/CVE-2009-2525.json +++ b/2009/2xxx/CVE-2009-2525.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2525", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly initialize unspecified functions within compressed audio files, which allows remote attackers to execute arbitrary code via (1) a crafted media file or (2) crafted streaming content, aka \"Windows Media Runtime Heap Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2009-2525", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS09-051", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-051" - }, - { - "name" : "TA09-286A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-286A.html" - }, - { - "name" : "oval:org.mitre.oval:def:6484", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6484" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly initialize unspecified functions within compressed audio files, which allows remote attackers to execute arbitrary code via (1) a crafted media file or (2) crafted streaming content, aka \"Windows Media Runtime Heap Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA09-286A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html" + }, + { + "name": "oval:org.mitre.oval:def:6484", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6484" + }, + { + "name": "MS09-051", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-051" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2788.json b/2009/2xxx/CVE-2009-2788.json index d9a7c21fe83..ba6f8118d8a 100644 --- a/2009/2xxx/CVE-2009-2788.json +++ b/2009/2xxx/CVE-2009-2788.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2788", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Mobilelib GOLD 3 allow remote attackers to execute arbitrary SQL commands via the (1) adminName parameter to cp/auth.php, (2) cid parameter to artcat.php, and (3) catid parameter to show.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2788", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9327", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9327" - }, - { - "name" : "35910", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35910" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Mobilelib GOLD 3 allow remote attackers to execute arbitrary SQL commands via the (1) adminName parameter to cp/auth.php, (2) cid parameter to artcat.php, and (3) catid parameter to show.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35910", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35910" + }, + { + "name": "9327", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9327" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2830.json b/2009/2xxx/CVE-2009-2830.json index 7223fd737a2..3f38c8d2b6f 100644 --- a/2009/2xxx/CVE-2009-2830.json +++ b/2009/2xxx/CVE-2009-2830.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2830", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in Christos Zoulas file before 5.03 in Apple Mac OS X 10.6.x before 10.6.2 allow user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Common Document Format (CDF) file. NOTE: this might overlap CVE-2009-1515." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2830", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT3937", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3937" - }, - { - "name" : "APPLE-SA-2009-11-09-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html" - }, - { - "name" : "36956", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36956" - }, - { - "name" : "ADV-2009-3184", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3184" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in Christos Zoulas file before 5.03 in Apple Mac OS X 10.6.x before 10.6.2 allow user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Common Document Format (CDF) file. NOTE: this might overlap CVE-2009-1515." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36956", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36956" + }, + { + "name": "ADV-2009-3184", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3184" + }, + { + "name": "APPLE-SA-2009-11-09-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html" + }, + { + "name": "http://support.apple.com/kb/HT3937", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3937" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3021.json b/2009/3xxx/CVE-2009-3021.json index ee6d38cc06d..65e3275a1af 100644 --- a/2009/3xxx/CVE-2009-3021.json +++ b/2009/3xxx/CVE-2009-3021.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3021", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Site Calendar 'mycaljp' plugin 2.0.0 through 2.0.6, as used in the Japanese extended package of Geeklog 1.5.0 through 1.5.2 and when distributed 20090629 or earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3021", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.geeklog.jp/article.php/20090820020302431", - "refsource" : "MISC", - "url" : "http://www.geeklog.jp/article.php/20090820020302431" - }, - { - "name" : "JVN#20478978", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN20478978/index.html" - }, - { - "name" : "JVNDB-2009-000055", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000055.html" - }, - { - "name" : "36404", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36404" - }, - { - "name" : "36413", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36413" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Site Calendar 'mycaljp' plugin 2.0.0 through 2.0.6, as used in the Japanese extended package of Geeklog 1.5.0 through 1.5.2 and when distributed 20090629 or earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#20478978", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN20478978/index.html" + }, + { + "name": "http://www.geeklog.jp/article.php/20090820020302431", + "refsource": "MISC", + "url": "http://www.geeklog.jp/article.php/20090820020302431" + }, + { + "name": "36404", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36404" + }, + { + "name": "JVNDB-2009-000055", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000055.html" + }, + { + "name": "36413", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36413" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3659.json b/2009/3xxx/CVE-2009-3659.json index 12e32d4423d..94085eeabe3 100644 --- a/2009/3xxx/CVE-2009-3659.json +++ b/2009/3xxx/CVE-2009-3659.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3659", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in file/stats.php in BS Counter 2.5.3 allows remote attackers to execute arbitrary SQL commands via the page parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3659", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9669", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9669" - }, - { - "name" : "bscounter-stats-sql-injection(53236)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53236" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in file/stats.php in BS Counter 2.5.3 allows remote attackers to execute arbitrary SQL commands via the page parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9669", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9669" + }, + { + "name": "bscounter-stats-sql-injection(53236)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53236" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4002.json b/2009/4xxx/CVE-2009-4002.json index 2d18a1d6066..3e639dd194d 100644 --- a/2009/4xxx/CVE-2009-4002.json +++ b/2009/4xxx/CVE-2009-4002.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4002", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Adobe Shockwave Player before 11.5.6.606 allows remote attackers to execute arbitrary code via a crafted 3D model in a Shockwave file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2009-4002", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100120 Secunia Research: Adobe Shockwave Player 3D Model Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/509062/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2009-61/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2009-61/" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-03.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-03.html" - }, - { - "name" : "37870", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37870" - }, - { - "name" : "oval:org.mitre.oval:def:8311", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8311" - }, - { - "name" : "1023481", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023481" - }, - { - "name" : "37888", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37888" - }, - { - "name" : "ADV-2010-0171", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0171" - }, - { - "name" : "shockwave-3d-bo(55758)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55758" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Adobe Shockwave Player before 11.5.6.606 allows remote attackers to execute arbitrary code via a crafted 3D model in a Shockwave file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37870", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37870" + }, + { + "name": "20100120 Secunia Research: Adobe Shockwave Player 3D Model Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/509062/100/0/threaded" + }, + { + "name": "37888", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37888" + }, + { + "name": "shockwave-3d-bo(55758)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55758" + }, + { + "name": "1023481", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023481" + }, + { + "name": "oval:org.mitre.oval:def:8311", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8311" + }, + { + "name": "ADV-2010-0171", + "refsource": "VUPEN", + "url": 
"http://www.vupen.com/english/advisories/2010/0171" + }, + { + "name": "http://secunia.com/secunia_research/2009-61/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2009-61/" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-03.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-03.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4559.json b/2009/4xxx/CVE-2009-4559.json index f21030e6f34..83b116e7769 100644 --- a/2009/4xxx/CVE-2009-4559.json +++ b/2009/4xxx/CVE-2009-4559.json 
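Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `PSIRT-CNA@flexerasoftware.com` in this hunk for CVE-2009-4002, but the change is buried because every other line is rewritten for colon spacing (`"ID" : ` becomes `"ID": `) and the `reference_data` entries are reordered. The same applies to the hunks for CVE-2015-0480 (`secalert_us@oracle.com`), CVE-2015-0514 (`security_alert@emc.com`) and CVE-2015-0593 (`psirt@cisco.com`), and the commit subject "-Synchronized-Data." mentions none of them. In a data-only commit the single differing line here would be `"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",`, so I would land the formatting and ordering pass separately from the attribution change. Until then, anyone who keys trust or routing decisions on the assigner should compare the parsed records (sorted keys, references compared as a set) rather than rely on the text diff.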
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4559", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Submitted By module 6.x before 6.x-1.3 for Drupal allows remote authenticated users, with \"administer content types\" privileges, to inject arbitrary web script or HTML via an input string for \"submitted by\" text." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4559", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/520372", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/520372" - }, - { - "name" : "35708", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35708" - }, - { - "name" : "submittedby-unspecified-xss(51788)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51788" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Submitted By module 6.x before 6.x-1.3 for Drupal allows remote authenticated users, 
with \"administer content types\" privileges, to inject arbitrary web script or HTML via an input string for \"submitted by\" text." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "submittedby-unspecified-xss(51788)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51788" + }, + { + "name": "35708", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35708" + }, + { + "name": "http://drupal.org/node/520372", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/520372" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4939.json b/2009/4xxx/CVE-2009-4939.json index aadafc9bb72..e32911a1ce6 100644 --- a/2009/4xxx/CVE-2009-4939.json +++ b/2009/4xxx/CVE-2009-4939.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4939", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in index.php in AdPeeps 8.5d1 allow remote attackers to inject arbitrary web script or HTML via the (1) uid parameter, (2) uid parameter in a login_lookup action, (3) uid parameter in an adminlogin action, (4) campaignid parameter in a createcampaign action, (5) type parameter in a view_account_stats action, (6) period parameter in a view_account_stats action, (7) uid parameter in a view_adrates action, (8) accname parameter in an account_confirmation action, (9) loginpass parameter in an account_confirmation action, (10) e9 parameter in a setup_account action, (11) from parameter in an email_advertisers action, (12) message parameter in an email_advertisers action, (13) idno parameter in an edit_ad_package action, (14) Advertiser Name field, (15) First Name field, (16) Last Name field, (17) Address field, (18) Phone Number field, (19) Password Hint field, or (20) URL field; and (21) allow remote authenticated users to inject arbitrary web script or HTML via an unspecified form associated with a view_adrates action." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4939", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090527 [InterN0T] AdPeeps 8.5d1 - XSS and HTML Injection Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/503855/100/0/threaded" - }, - { - "name" : "20090528 Re: [InterN0T] AdPeeps 8.5d1 - XSS and HTML Injection Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/503911/100/0/threaded" - }, - { - "name" : "8818", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/8818" - }, - { - "name" : "http://forum.intern0t.net/exploits-vulnerabilities-pocs/1049-intern0t-adpeeps-8-5d1-cross-site-scripting-html-injection-vulnerabilities.html", - "refsource" : "MISC", - "url" : "http://forum.intern0t.net/exploits-vulnerabilities-pocs/1049-intern0t-adpeeps-8-5d1-cross-site-scripting-html-injection-vulnerabilities.html" - }, - { - "name" : "54790", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54790" - }, - { - "name" : "35262", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35262" - }, - { - "name" : "adpeeps-fields-xss(50824)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50824" - }, - { - "name" : "adpeeps-index-xss(50823)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50823" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", 
+ "value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in AdPeeps 8.5d1 allow remote attackers to inject arbitrary web script or HTML via the (1) uid parameter, (2) uid parameter in a login_lookup action, (3) uid parameter in an adminlogin action, (4) campaignid parameter in a createcampaign action, (5) type parameter in a view_account_stats action, (6) period parameter in a view_account_stats action, (7) uid parameter in a view_adrates action, (8) accname parameter in an account_confirmation action, (9) loginpass parameter in an account_confirmation action, (10) e9 parameter in a setup_account action, (11) from parameter in an email_advertisers action, (12) message parameter in an email_advertisers action, (13) idno parameter in an edit_ad_package action, (14) Advertiser Name field, (15) First Name field, (16) Last Name field, (17) Address field, (18) Phone Number field, (19) Password Hint field, or (20) URL field; and (21) allow remote authenticated users to inject arbitrary web script or HTML via an unspecified form associated with a view_adrates action." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20090527 [InterN0T] AdPeeps 8.5d1 - XSS and HTML Injection Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/503855/100/0/threaded" + }, + { + "name": "adpeeps-fields-xss(50824)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50824" + }, + { + "name": "http://forum.intern0t.net/exploits-vulnerabilities-pocs/1049-intern0t-adpeeps-8-5d1-cross-site-scripting-html-injection-vulnerabilities.html", + "refsource": "MISC", + "url": "http://forum.intern0t.net/exploits-vulnerabilities-pocs/1049-intern0t-adpeeps-8-5d1-cross-site-scripting-html-injection-vulnerabilities.html" + }, + { + "name": "adpeeps-index-xss(50823)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50823" + }, + { + "name": "54790", + "refsource": "OSVDB", + "url": "http://osvdb.org/54790" + }, + { + "name": "20090528 Re: [InterN0T] AdPeeps 8.5d1 - XSS and HTML Injection Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/503911/100/0/threaded" + }, + { + "name": "8818", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/8818" + }, + { + "name": "35262", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35262" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0480.json b/2015/0xxx/CVE-2015-0480.json index 2cda64418de..1f07841fbf6 100644 --- a/2015/0xxx/CVE-2015-0480.json +++ b/2015/0xxx/CVE-2015-0480.json 
@@ -1,242 +1,242 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0480", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity and availability via unknown vectors related to Tools." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-0480", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2015-0158.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2015-0158.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21883640" - }, - { - "name" : "DSA-3234", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3234" - }, - { - "name" : "DSA-3235", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2015/dsa-3235" - }, - { - "name" : "DSA-3316", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3316" - }, - { - "name" : "GLSA-201603-11", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-11" - }, - { - "name" : "MDVSA-2015:212", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:212" - }, - { - "name" : "RHSA-2015:0806", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0806.html" - }, - { - "name" : "RHSA-2015:0807", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0807.html" - }, - { - "name" : "RHSA-2015:0808", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0808.html" - }, - { - "name" : "RHSA-2015:0809", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0809.html" - }, - { - "name" : "RHSA-2015:1006", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1006.html" - }, - { - "name" : "RHSA-2015:1007", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1007.html" - }, - { - "name" : "RHSA-2015:1020", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1020.html" - }, - { - "name" : "RHSA-2015:1021", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1021.html" - }, - { - "name" : "RHSA-2015:1091", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1091.html" - }, - { - "name" : "RHSA-2015:0854", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0854.html" - }, - { - "name" : "RHSA-2015:0857", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0857.html" - }, - { - "name" : "RHSA-2015:0858", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0858.html" - }, - { - "name" : "openSUSE-SU-2015:0773", - "refsource" : "SUSE", - "url" 
: "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html" - }, - { - "name" : "openSUSE-SU-2015:0774", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html" - }, - { - "name" : "SUSE-SU-2015:0833", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00002.html" - }, - { - "name" : "SUSE-SU-2016:0113", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html" - }, - { - "name" : "SUSE-SU-2015:2166", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html" - }, - { - "name" : "SUSE-SU-2015:2168", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html" - }, - { - "name" : "SUSE-SU-2015:2182", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html" - }, - { - "name" : "SUSE-SU-2015:2192", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html" - }, - { - "name" : "SUSE-SU-2015:2216", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html" - }, - { - "name" : "SUSE-SU-2015:1085", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html" - }, - { - "name" : "SUSE-SU-2015:1086", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html" - }, - { - "name" : "SUSE-SU-2015:1138", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html" - }, - { - "name" : "SUSE-SU-2015:1161", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html" - }, - { - "name" : "USN-2573-1", - "refsource" : "UBUNTU", - "url" : 
"http://www.ubuntu.com/usn/USN-2573-1" - }, - { - "name" : "USN-2574-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2574-1" - }, - { - "name" : "74104", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74104" - }, - { - "name" : "1032120", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032120" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity and availability via unknown vectors related to Tools." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2015:0857", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0857.html" + }, + { + "name": "DSA-3235", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3235" + }, + { + "name": "RHSA-2015:1007", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1007.html" + }, + { + "name": "SUSE-SU-2015:2182", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html" + }, + { + "name": "RHSA-2015:0806", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0806.html" + }, + { + "name": "RHSA-2015:1006", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1006.html" + }, + { + "name": "SUSE-SU-2015:2192", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html" + }, + { + "name": "http://advisories.mageia.org/MGASA-2015-0158.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2015-0158.html" + }, + { + "name": "SUSE-SU-2015:0833", + "refsource": 
"SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00002.html" + }, + { + "name": "MDVSA-2015:212", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:212" + }, + { + "name": "74104", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74104" + }, + { + "name": "RHSA-2015:1091", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1091.html" + }, + { + "name": "DSA-3316", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3316" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" + }, + { + "name": "SUSE-SU-2015:2166", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html" + }, + { + "name": "1032120", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032120" + }, + { + "name": "GLSA-201603-11", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-11" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640" + }, + { + "name": "openSUSE-SU-2015:0773", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html" + }, + { + "name": "SUSE-SU-2015:1138", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html" + }, + { + "name": "DSA-3234", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3234" + }, + { + "name": "USN-2573-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2573-1" + }, + { + "name": "SUSE-SU-2015:2216", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html" + }, + 
{ + "name": "RHSA-2015:1020", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1020.html" + }, + { + "name": "RHSA-2015:0807", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0807.html" + }, + { + "name": "SUSE-SU-2015:1086", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html" + }, + { + "name": "SUSE-SU-2015:2168", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html" + }, + { + "name": "SUSE-SU-2015:1085", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html" + }, + { + "name": "RHSA-2015:0858", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0858.html" + }, + { + "name": "RHSA-2015:1021", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1021.html" + }, + { + "name": "RHSA-2015:0808", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0808.html" + }, + { + "name": "USN-2574-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2574-1" + }, + { + "name": "RHSA-2015:0809", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0809.html" + }, + { + "name": "openSUSE-SU-2015:0774", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html" + }, + { + "name": "SUSE-SU-2015:1161", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html" + }, + { + "name": "RHSA-2015:0854", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0854.html" + }, + { + "name": "SUSE-SU-2016:0113", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html" + } + ] + } +} \ No newline at end of file 
diff --git a/2015/0xxx/CVE-2015-0514.json b/2015/0xxx/CVE-2015-0514.json index d307de886f8..acfb40eb355 100644 --- a/2015/0xxx/CVE-2015-0514.json +++ b/2015/0xxx/CVE-2015-0514.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0514", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 might allow remote attackers to obtain cleartext data-center discovery credentials by leveraging certain SRM access to conduct a decryption attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2015-0514", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150120 ESA-2015-004: EMC M&R (Watch4Net) Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2015-01/0092.html" - }, - { - "name" : "20150318 EMC M&R (Watch4net) data storage collector credentials are not properly protected", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534923/100/0/threaded" - }, - { - "name" : "20150318 EMC M&R (Watch4net) data storage collector credentials are not properly protected", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Mar/112" - }, - { - "name" : 
"https://www.securify.nl/advisory/SFY20141101/emc_m_r__watch4net__data_storage_collector_credentials_are_not_properly_protected.html", - "refsource" : "MISC", - "url" : "https://www.securify.nl/advisory/SFY20141101/emc_m_r__watch4net__data_storage_collector_credentials_are_not_properly_protected.html" - }, - { - "name" : "http://packetstormsecurity.com/files/130910/EMC-M-R-Watch4net-Insecure-Credential-Storage.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/130910/EMC-M-R-Watch4net-Insecure-Credential-Storage.html" - }, - { - "name" : "72257", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72257" - }, - { - "name" : "1031567", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031567" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 might allow remote attackers to obtain cleartext data-center discovery credentials by leveraging certain SRM access to conduct a decryption attack." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.securify.nl/advisory/SFY20141101/emc_m_r__watch4net__data_storage_collector_credentials_are_not_properly_protected.html", + "refsource": "MISC", + "url": "https://www.securify.nl/advisory/SFY20141101/emc_m_r__watch4net__data_storage_collector_credentials_are_not_properly_protected.html" + }, + { + "name": "1031567", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031567" + }, + { + "name": "20150318 EMC M&R (Watch4net) data storage collector credentials are not properly protected", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534923/100/0/threaded" + }, + { + "name": "20150318 EMC M&R (Watch4net) data storage collector credentials are not properly protected", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Mar/112" + }, + { + "name": "20150120 ESA-2015-004: EMC M&R (Watch4Net) Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2015-01/0092.html" + }, + { + "name": "72257", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72257" + }, + { + "name": "http://packetstormsecurity.com/files/130910/EMC-M-R-Watch4net-Insecure-Credential-Storage.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/130910/EMC-M-R-Watch4net-Insecure-Credential-Storage.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0593.json b/2015/0xxx/CVE-2015-0593.json index d1d1001f2bb..d3ff59d1a77 100644 --- a/2015/0xxx/CVE-2015-0593.json +++ b/2015/0xxx/CVE-2015-0593.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0593", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Zone-Based Firewall implementation in Cisco IOS 12.4(122)T and earlier does not properly manage session-object structures, which allows remote attackers to cause a denial of service (device reload) via crafted network traffic, aka Bug ID CSCul65003." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0593", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=37417", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=37417" - }, - { - "name" : "20150209 Cisco IOS Software Zone-Based Firewall Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0593" - }, - { - "name" : "72549", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72549" - }, - { - "name" : "ciscoios-cve20150593-dos(100757)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100757" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Zone-Based Firewall implementation in Cisco IOS 12.4(122)T and earlier does not properly manage session-object structures, which allows remote attackers to cause a denial of service (device reload) via crafted network traffic, aka Bug ID CSCul65003." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37417", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37417" + }, + { + "name": "20150209 Cisco IOS Software Zone-Based Firewall Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0593" + }, + { + "name": "ciscoios-cve20150593-dos(100757)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100757" + }, + { + "name": "72549", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72549" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0608.json b/2015/0xxx/CVE-2015-0608.json index 234c8ec3623..a9a6dbb437b 100644 --- a/2015/0xxx/CVE-2015-0608.json +++ b/2015/0xxx/CVE-2015-0608.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0608", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers improper handling of the timing of process switching and Cisco Express Forwarding (CEF) switching, aka Bug ID CSCul48736." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0608", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=37421", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=37421" - }, - { - "name" : "20150210 Cisco IOS Measurement, Aggregation, and Correlation Engine Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0608" - }, - { - "name" : "72566", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72566" - }, - { - "name" : "1031731", - "refsource" : 
"SECTRACK", - "url" : "http://www.securitytracker.com/id/1031731" - }, - { - "name" : "ciscoios-cve20150608-dos(100808)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100808" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers improper handling of the timing of process switching and Cisco Express Forwarding (CEF) switching, aka Bug ID CSCul48736." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150210 Cisco IOS Measurement, Aggregation, and Correlation Engine Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0608" + }, + { + "name": "72566", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72566" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37421", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37421" + }, + { + "name": "ciscoios-cve20150608-dos(100808)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100808" + }, + { + "name": "1031731", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031731" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1466.json b/2015/1xxx/CVE-2015-1466.json index ef0bff8b113..bbc7ca84315 100644 --- a/2015/1xxx/CVE-2015-1466.json +++ b/2015/1xxx/CVE-2015-1466.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1466", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1466", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1859.json b/2015/1xxx/CVE-2015-1859.json index 6d46552e356..aeeafd41806 100644 --- a/2015/1xxx/CVE-2015-1859.json +++ b/2015/1xxx/CVE-2015-1859.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1859", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-1859", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Announce] 20150413 Qt Project Security Advisory - Multiple Vulnerabilities in Qt Image Format Handling", - "refsource" : "MLIST", - "url" : "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html" - }, - { - "name" : "FEDORA-2015-6114", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html" - }, - { - "name" : "FEDORA-2015-6123", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html" - }, - { - "name" : "FEDORA-2015-6252", - "refsource" : "FEDORA", - "url" : 
"http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html" - }, - { - "name" : "FEDORA-2015-6315", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html" - }, - { - "name" : "FEDORA-2015-6364", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html" - }, - { - "name" : "GLSA-201603-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-10" - }, - { - "name" : "USN-2626-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2626-1" - }, - { - "name" : "74307", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74307" - }, - { - "name" : "74310", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74310" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2015-6114", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html" + }, + { + "name": "74307", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74307" + }, + { + "name": "FEDORA-2015-6123", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html" + }, + { + "name": "74310", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74310" + }, + { + "name": "GLSA-201603-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-10" + }, + { + "name": "FEDORA-2015-6315", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html" + }, + { + "name": "FEDORA-2015-6364", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html" + }, + { + "name": "USN-2626-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2626-1" + }, + { + "name": "[Announce] 20150413 Qt Project Security Advisory - Multiple Vulnerabilities in Qt Image Format Handling", + "refsource": "MLIST", + "url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html" + }, + { + "name": "FEDORA-2015-6252", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1869.json b/2015/1xxx/CVE-2015-1869.json index 84cb260cb29..103040b4fc3 100644 --- a/2015/1xxx/CVE-2015-1869.json +++ b/2015/1xxx/CVE-2015-1869.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1869", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1869", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4116.json b/2015/4xxx/CVE-2015-4116.json index 54550467f21..dfa0f8ced58 100644 --- a/2015/4xxx/CVE-2015-4116.json +++ b/2015/4xxx/CVE-2015-4116.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4116", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP before 5.5.27 and 5.6.x before 5.6.11 allows remote attackers to execute arbitrary code by triggering a failed SplMinHeap::compare operation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4116", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.htbridge.com/advisory/HTB23262", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23262" - }, - { - "name" : "http://git.php.net/?p=php-src.git;a=commit;h=1cbd25ca15383394ffa9ee8601c5de4c0f2f90e1", - "refsource" : "CONFIRM", - "url" : "http://git.php.net/?p=php-src.git;a=commit;h=1cbd25ca15383394ffa9ee8601c5de4c0f2f90e1" - }, - { - "name" : "http://php.net/ChangeLog-5.php", - "refsource" : "CONFIRM", - "url" : "http://php.net/ChangeLog-5.php" - }, - { - "name" : "https://bugs.php.net/bug.php?id=69737", - "refsource" : "CONFIRM", - "url" : "https://bugs.php.net/bug.php?id=69737" - }, - { - "name" : "openSUSE-SU-2016:1524", - "refsource" : "SUSE", - 
"url" : "http://lists.opensuse.org/opensuse-updates/2016-06/msg00027.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP before 5.5.27 and 5.6.x before 5.6.11 allows remote attackers to execute arbitrary code by triggering a failed SplMinHeap::compare operation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2016:1524", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00027.html" + }, + { + "name": "http://git.php.net/?p=php-src.git;a=commit;h=1cbd25ca15383394ffa9ee8601c5de4c0f2f90e1", + "refsource": "CONFIRM", + "url": "http://git.php.net/?p=php-src.git;a=commit;h=1cbd25ca15383394ffa9ee8601c5de4c0f2f90e1" + }, + { + "name": "http://php.net/ChangeLog-5.php", + "refsource": "CONFIRM", + "url": "http://php.net/ChangeLog-5.php" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23262", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23262" + }, + { + "name": "https://bugs.php.net/bug.php?id=69737", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=69737" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4288.json b/2015/4xxx/CVE-2015-4288.json index ab5afb76359..74efea6c986 100644 --- a/2015/4xxx/CVE-2015-4288.json +++ b/2015/4xxx/CVE-2015-4288.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4288", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The LDAP implementation on the Cisco Web Security Appliance (WSA) 8.5.0-000, Email Security Appliance (ESA) 8.5.7-042, and Content Security Management Appliance (SMA) 8.3.6-048 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate, aka Bug IDs CSCuo29561, CSCuv40466, and CSCuv40470." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-4288", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150724 Multiple Cisco Products LDAP Server SSL Certificate Validation Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=40137" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The LDAP implementation on the Cisco Web Security Appliance (WSA) 8.5.0-000, Email Security Appliance (ESA) 8.5.7-042, and Content Security Management Appliance 
(SMA) 8.3.6-048 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate, aka Bug IDs CSCuo29561, CSCuv40466, and CSCuv40470." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150724 Multiple Cisco Products LDAP Server SSL Certificate Validation Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=40137" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4382.json b/2015/4xxx/CVE-2015-4382.json index 2c4e695b800..3b6c0ee1f41 100644 --- a/2015/4xxx/CVE-2015-4382.json +++ b/2015/4xxx/CVE-2015-4382.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4382", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the Invoice module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.3 for Drupal allow remote attackers to hijack the authentication of arbitrary users for requests that (1) create, (2) delete, or (3) alter invoices via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4382", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/04/25/6" - }, - { - "name" : "https://www.drupal.org/node/2459337", - "refsource" : "MISC", - "url" : "https://www.drupal.org/node/2459337" - }, - { - "name" : "https://www.drupal.org/node/2474135", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2474135" - }, - { - "name" : "https://www.drupal.org/node/2474139", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2474139" - }, - { - 
"name" : "74345", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74345" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Invoice module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.3 for Drupal allow remote attackers to hijack the authentication of arbitrary users for requests that (1) create, (2) delete, or (3) alter invoices via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.drupal.org/node/2459337", + "refsource": "MISC", + "url": "https://www.drupal.org/node/2459337" + }, + { + "name": "https://www.drupal.org/node/2474135", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2474135" + }, + { + "name": "[oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/04/25/6" + }, + { + "name": "https://www.drupal.org/node/2474139", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2474139" + }, + { + "name": "74345", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74345" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4501.json b/2015/4xxx/CVE-2015-4501.json index 74287e2e797..9a78fa594ce 100644 --- a/2015/4xxx/CVE-2015-4501.json +++ b/2015/4xxx/CVE-2015-4501.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4501", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2015-4501", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-96.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-96.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1165706", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1165706" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1186657", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1186657" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : 
"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "SUSE-SU-2015:2081", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html" - }, - { - "name" : "openSUSE-SU-2015:1658", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html" - }, - { - "name" : "SUSE-SU-2015:1680", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00004.html" - }, - { - "name" : "openSUSE-SU-2015:1681", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html" - }, - { - "name" : "SUSE-SU-2015:1703", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00007.html" - }, - { - "name" : "USN-2743-4", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2743-4" - }, - { - "name" : "USN-2743-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2743-1" - }, - { - "name" : "USN-2743-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2743-2" - }, - { - "name" : "USN-2743-3", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2743-3" - }, - { - "name" : "76816", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76816" - }, - { - "name" : "1033640", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033640" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2015:1680", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00004.html" + }, + { + "name": "SUSE-SU-2015:2081", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html" + }, + { + "name": "openSUSE-SU-2015:1681", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html" + }, + { + "name": "USN-2743-4", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2743-4" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-96.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-96.html" + }, + { + "name": "USN-2743-3", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2743-3" + }, + { + "name": "USN-2743-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2743-2" + }, + { + "name": "1033640", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033640" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1165706", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1165706" + }, + { + "name": "76816", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76816" + }, + { + "name": "SUSE-SU-2015:1703", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00007.html" + }, + { + "name": "openSUSE-SU-2015:1658", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html" + }, + { + "name": "USN-2743-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2743-1" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1186657", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1186657" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4552.json b/2015/4xxx/CVE-2015-4552.json index 4bc22d49eb9..1a016a9528d 100644 --- a/2015/4xxx/CVE-2015-4552.json +++ b/2015/4xxx/CVE-2015-4552.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4552", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the quick edit function in xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the content of a post." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4552", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://adrianhayter.com/exploits.php", - "refsource" : "MISC", - "url" : "http://adrianhayter.com/exploits.php" - }, - { - "name" : "http://blog.mybb.com/2015/05/27/mybb-1-8-5-1-6-17-merge-system-1-8-5-release/", - "refsource" : "CONFIRM", - "url" : "http://blog.mybb.com/2015/05/27/mybb-1-8-5-1-6-17-merge-system-1-8-5-release/" - }, - { - "name" : "1033471", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033471" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the quick edit function in xmlhttp.php in MyBB (aka 
MyBulletinBoard) before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the content of a post." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033471", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033471" + }, + { + "name": "http://adrianhayter.com/exploits.php", + "refsource": "MISC", + "url": "http://adrianhayter.com/exploits.php" + }, + { + "name": "http://blog.mybb.com/2015/05/27/mybb-1-8-5-1-6-17-merge-system-1-8-5-release/", + "refsource": "CONFIRM", + "url": "http://blog.mybb.com/2015/05/27/mybb-1-8-5-1-6-17-merge-system-1-8-5-release/" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4703.json b/2015/4xxx/CVE-2015-4703.json index 8dc9d01d682..d5b0389cbbf 100644 --- a/2015/4xxx/CVE-2015-4703.json +++ b/2015/4xxx/CVE-2015-4703.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4703", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Absolute path traversal vulnerability in mysqldump_download.php in the WordPress Rename plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the dumpfname parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4703", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150623 Arbitrary File download in wordpress plugin wp-instance-rename v1.0", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/06/23/5" - }, - { - "name" : "http://packetstormsecurity.com/files/132460/WordPress-WP-Instance-Rename-1.0-File-Download.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/132460/WordPress-WP-Instance-Rename-1.0-File-Download.html" - }, - { - "name" : "http://www.vapid.dhs.org/advisory.php?v=127", - "refsource" : "MISC", - "url" : "http://www.vapid.dhs.org/advisory.php?v=127" - }, - { - "name" : "https://wpvulndb.com/vulnerabilities/8055", - "refsource" : "MISC", - "url" : 
"https://wpvulndb.com/vulnerabilities/8055" - }, - { - "name" : "75394", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75394" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Absolute path traversal vulnerability in mysqldump_download.php in the WordPress Rename plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the dumpfname parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vapid.dhs.org/advisory.php?v=127", + "refsource": "MISC", + "url": "http://www.vapid.dhs.org/advisory.php?v=127" + }, + { + "name": "[oss-security] 20150623 Arbitrary File download in wordpress plugin wp-instance-rename v1.0", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/06/23/5" + }, + { + "name": "75394", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75394" + }, + { + "name": "http://packetstormsecurity.com/files/132460/WordPress-WP-Instance-Rename-1.0-File-Download.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/132460/WordPress-WP-Instance-Rename-1.0-File-Download.html" + }, + { + "name": "https://wpvulndb.com/vulnerabilities/8055", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/8055" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5362.json b/2015/5xxx/CVE-2015-5362.json index 769be42cf34..189d37f343b 100644 --- a/2015/5xxx/CVE-2015-5362.json +++ b/2015/5xxx/CVE-2015-5362.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5362", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The BFD daemon in Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R8, 13.3 before 13.3R6, 14.1 before 14.1R5, 14.1X50 before 14.1X50-D85, 14.1X55 before 14.1X55-D20, 14.2 before 14.2R3, 15.1 before 15.1R1, and 15.1X49 before 15.1X49-D10 allows remote attackers to cause a denial of service (bfdd crash and restart) or execute arbitrary code via a crafted BFD packet." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5362", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10690", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10690" - }, - { - "name" : "1032844", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032844" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The BFD daemon in Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R8, 13.3 before 13.3R6, 14.1 before 14.1R5, 14.1X50 before 14.1X50-D85, 14.1X55 before 14.1X55-D20, 14.2 before 14.2R3, 15.1 before 15.1R1, and 15.1X49 before 15.1X49-D10 allows remote attackers to cause a denial of service (bfdd crash and restart) or execute arbitrary code via a crafted BFD packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10690", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10690" + }, + { + "name": "1032844", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032844" + } + ] + } +} \ No newline at end of file 
diff --git a/2015/5xxx/CVE-2015-5543.json b/2015/5xxx/CVE-2015-5543.json index b80f42d98c8..887e4b92f4a 100644 --- a/2015/5xxx/CVE-2015-5543.json +++ b/2015/5xxx/CVE-2015-5543.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5543", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-5543", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2336.json b/2018/2xxx/CVE-2018-2336.json index 15e03d44f43..66e2c7232f7 100644 --- a/2018/2xxx/CVE-2018-2336.json +++ b/2018/2xxx/CVE-2018-2336.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2336", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2336", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2641.json b/2018/2xxx/CVE-2018-2641.json index df5d5480b08..488261f6d92 100644 --- a/2018/2xxx/CVE-2018-2641.json +++ b/2018/2xxx/CVE-2018-2641.json 
@@ -1,180 +1,180 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2641", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Java", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "Java SE: 6u171" - }, - { - "version_affected" : "=", - "version_value" : "7u161" - }, - { - "version_affected" : "=", - "version_value" : "8u152" - }, - { - "version_affected" : "=", - "version_value" : "9.0.1; Java SE Embedded: 8u151" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). 
CVSS 3.0 Base Score 6.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2641", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Java SE: 6u171" + }, + { + "version_affected": "=", + "version_value": "7u161" + }, + { + "version_affected": "=", + "version_value": "8u152" + }, + { + "version_affected": "=", + "version_value": "9.0.1; Java SE Embedded: 8u151" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180403 [SECURITY] [DLA 1339-1] openjdk-7 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180117-0001/", - "refsource" : "CONFIRM", - "url" : 
"https://security.netapp.com/advisory/ntap-20180117-0001/" - }, - { - "name" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", - "refsource" : "CONFIRM", - "url" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us" - }, - { - "name" : "DSA-4144", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4144" - }, - { - "name" : "DSA-4166", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4166" - }, - { - "name" : "RHSA-2018:0095", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0095" - }, - { - "name" : "RHSA-2018:0099", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0099" - }, - { - "name" : "RHSA-2018:0100", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0100" - }, - { - "name" : "RHSA-2018:0115", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0115" - }, - { - "name" : "RHSA-2018:0349", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0349" - }, - { - "name" : "RHSA-2018:0351", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0351" - }, - { - "name" : "RHSA-2018:0352", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0352" - }, - { - "name" : "RHSA-2018:0458", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0458" - }, - { - "name" : "RHSA-2018:0521", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0521" - }, - { - "name" : "RHSA-2018:1463", - "refsource" : 
"REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1463" - }, - { - "name" : "RHSA-2018:1812", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1812" - }, - { - "name" : "USN-3613-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3613-1/" - }, - { - "name" : "USN-3614-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3614-1/" - }, - { - "name" : "102605", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102605" - }, - { - "name" : "1040203", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040203" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2018:0351", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0351" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180117-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180117-0001/" + }, + { + "name": "USN-3614-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3614-1/" + }, + { + "name": "DSA-4166", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4166" + }, + { + "name": "RHSA-2018:0095", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0095" + }, + { + "name": "DSA-4144", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4144" + }, + { + "name": "RHSA-2018:0521", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0521" + }, + { + "name": "RHSA-2018:0352", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0352" + }, + { + "name": "RHSA-2018:0115", + 
"refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0115" + }, + { + "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", + "refsource": "CONFIRM", + "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" + }, + { + "name": "[debian-lts-announce] 20180403 [SECURITY] [DLA 1339-1] openjdk-7 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html" + }, + { + "name": "RHSA-2018:1812", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1812" + }, + { + "name": "102605", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102605" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us" + }, + { + "name": "RHSA-2018:0099", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0099" + }, + { + "name": "RHSA-2018:1463", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1463" + }, + { + "name": "RHSA-2018:0458", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0458" + }, + { + "name": "RHSA-2018:0349", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0349" + }, + { + "name": "1040203", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040203" + }, + { + "name": "USN-3613-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3613-1/" + }, + { + "name": "RHSA-2018:0100", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0100" + } + ] + } +} \ No newline at end of file 
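Review bot: The new side of CVE-2018-2641 still carries `"version_value": "Java SE: 6u171"` as the first `version_data` entry and `"version_value": "9.0.1; Java SE Embedded: 8u151"` as the last, so a product name and a second product's version are fused into version strings under the single `"product_name": "Java"`. A consumer that matches `product_name` and `version_value` exactly would probably not flag a Java SE Embedded 8u151 installation from this record, although the description lists it as affected. Since every line of the file is rewritten here anyway, the versions could be plain (`"version_value": "6u171"`, `"version_value": "9.0.1"`) with Java SE Embedded 8u151 as its own `product_data` entry. Until the record is corrected, tooling that consumes it should cross-check the description text rather than rely on `version_data` alone.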
diff --git a/2018/2xxx/CVE-2018-2996.json b/2018/2xxx/CVE-2018-2996.json index a58e4eda7f9..863f4105e60 100644 --- a/2018/2xxx/CVE-2018-2996.json +++ b/2018/2xxx/CVE-2018-2996.json 
@@ -1,93 +1,93 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2996", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Applications Manager", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "12.1.3" - }, - { - "version_affected" : "=", - "version_value" : "12.2.3" - }, - { - "version_affected" : "=", - "version_value" : "12.2.4" - }, - { - "version_affected" : "=", - "version_value" : "12.2.5" - }, - { - "version_affected" : "=", - "version_value" : "12.2.6" - }, - { - "version_affected" : "=", - "version_value" : "12.2.7" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: Oracle Diagnostics Interfaces). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Applications Manager accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Applications Manager accessible data." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2996", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Applications Manager", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.1.3" + }, + { + "version_affected": "=", + "version_value": "12.2.3" + }, + { + "version_affected": "=", + "version_value": "12.2.4" + }, + { + "version_affected": "=", + "version_value": "12.2.5" + }, + { + "version_affected": "=", + "version_value": "12.2.6" + }, + { + "version_affected": "=", + "version_value": "12.2.7" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "104837", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104837" - }, - { - "name" : "1041309", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041309" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: Oracle Diagnostics Interfaces). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Applications Manager accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Applications Manager accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "104837", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104837" + }, + { + "name": "1041309", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041309" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3096.json b/2018/3xxx/CVE-2018-3096.json index 3525ee9b030..0487620a74e 100644 --- a/2018/3xxx/CVE-2018-3096.json +++ b/2018/3xxx/CVE-2018-3096.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3096", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Outside In Technology", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.5.3" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3096", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Outside In Technology", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.5.3" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "104762", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104762" - }, - { - "name" : "1041310", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041310" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. 
Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "104762", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104762" + }, + { + "name": "1041310", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041310" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/3xxx/CVE-2018-3436.json b/2018/3xxx/CVE-2018-3436.json
index 4844adc7123..b9f8e8a1ede 100644
--- a/2018/3xxx/CVE-2018-3436.json
+++ b/2018/3xxx/CVE-2018-3436.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-3436",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-3436",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/3xxx/CVE-2018-3438.json b/2018/3xxx/CVE-2018-3438.json
index 3a5c3b84f9e..aa566995cb9 100644
--- a/2018/3xxx/CVE-2018-3438.json
+++ b/2018/3xxx/CVE-2018-3438.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-3438",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-3438",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/6xxx/CVE-2018-6331.json b/2018/6xxx/CVE-2018-6331.json
index 8a1b05c3da3..b351651733a 100644
--- a/2018/6xxx/CVE-2018-6331.json
+++ b/2018/6xxx/CVE-2018-6331.json
@@ -1,68 +1,68 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve-assign@fb.com",
- "DATE_ASSIGNED" : "2018-03-26",
- "ID" : "CVE-2018-6331",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Buck",
- "version" : {
- "version_data" : [
- {
- "version_affected" : "!=>",
- "version_value" : "v2018.06.25.01"
- },
- {
- "version_affected" : "<=",
- "version_value" : "v2018.06.25.01"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Facebook"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Buck parser-cache command loads/saves state using Java serialized object. If the state information is maliciously crafted, deserializing it could lead to code execution. This issue affects Buck versions prior to v2018.06.25.01."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Deserialization of Untrusted Data (CWE-502)"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve-assign@fb.com",
+ "DATE_ASSIGNED": "2018-03-26",
+ "ID": "CVE-2018-6331",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Buck",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "!=>",
+ "version_value": "v2018.06.25.01"
+ },
+ {
+ "version_affected": "<=",
+ "version_value": "v2018.06.25.01"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Facebook"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/facebook/buck/commit/8c5500981812564877bd122c0f8fab48d3528ddf",
- "refsource" : "MISC",
- "url" : "https://github.com/facebook/buck/commit/8c5500981812564877bd122c0f8fab48d3528ddf"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Buck parser-cache command loads/saves state using Java serialized object. If the state information is maliciously crafted, deserializing it could lead to code execution. This issue affects Buck versions prior to v2018.06.25.01."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Deserialization of Untrusted Data (CWE-502)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/facebook/buck/commit/8c5500981812564877bd122c0f8fab48d3528ddf",
+ "refsource": "MISC",
+ "url": "https://github.com/facebook/buck/commit/8c5500981812564877bd122c0f8fab48d3528ddf"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/6xxx/CVE-2018-6351.json b/2018/6xxx/CVE-2018-6351.json
index b324a056e87..7fdc0fdd6c3 100644
--- a/2018/6xxx/CVE-2018-6351.json
+++ b/2018/6xxx/CVE-2018-6351.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-6351",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-6351",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
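Review bot: The second `version_data` entry for Buck in CVE-2018-6331, `"version_affected": "<="` with `"version_value": "v2018.06.25.01"`, marks v2018.06.25.01 itself as affected, while the description says the issue affects versions prior to v2018.06.25.01 and the first entry (`!=>`, presumably meaning "not affected from this version on") excludes that same version. Tooling that matches installed versions against this record would likely flag the release the description treats as fixed; the entry should read `"version_affected": "<"`. The `!=>` spelling also differs from the `=` and `<=` operators used elsewhere on this page, so it is worth confirming against the CVE JSON 4.0 schema before a consumer relies on it. Both values are carried over unchanged from the old side of the hunk.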
diff --git a/2018/6xxx/CVE-2018-6369.json b/2018/6xxx/CVE-2018-6369.json
index 5bac0ba04cd..c27a50f6ce2 100644
--- a/2018/6xxx/CVE-2018-6369.json
+++ b/2018/6xxx/CVE-2018-6369.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-6369",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-6369",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/6xxx/CVE-2018-6397.json b/2018/6xxx/CVE-2018-6397.json
index f7a39ce179f..8a2145fa118 100644
--- a/2018/6xxx/CVE-2018-6397.json
+++ b/2018/6xxx/CVE-2018-6397.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-6397",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Directory Traversal exists in the Picture Calendar 3.1.4 component for Joomla! via the list.php folder parameter."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-6397",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "43931",
- "refsource" : "EXPLOIT-DB",
- "url" : "https://www.exploit-db.com/exploits/43931/"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Directory Traversal exists in the Picture Calendar 3.1.4 component for Joomla! via the list.php folder parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "43931",
+ "refsource": "EXPLOIT-DB",
+ "url": "https://www.exploit-db.com/exploits/43931/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/7xxx/CVE-2018-7104.json b/2018/7xxx/CVE-2018-7104.json
index 7e043e9fe36..0c0abd52040 100644
--- a/2018/7xxx/CVE-2018-7104.json
+++ b/2018/7xxx/CVE-2018-7104.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "ID" : "CVE-2018-7104", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "HPE Intelligent Management Center (iMC) Wireless Services Manager Software", - "version" : { - "version_data" : [ - { - "version_value" : "Prior to IMC WSM 7.3 E0506P02" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Remote Code Execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wireless Services Manager Software earlier than version IMC WSM 7.3 E0506P02." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "ID": "CVE-2018-7104", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HPE Intelligent Management Center (iMC) Wireless Services Manager Software", + "version": { + "version_data": [ + { + "version_value": "Prior to IMC WSM 7.3 E0506P02" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03893en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03893en_us" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Remote Code Execution vulnerability was identified in HPE Intelligent 
Management Center (iMC) Wireless Services Manager Software earlier than version IMC WSM 7.3 E0506P02." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03893en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03893en_us" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7162.json b/2018/7xxx/CVE-2018-7162.json index c2386cc1a0c..516684007cd 100644 --- a/2018/7xxx/CVE-2018-7162.json +++ b/2018/7xxx/CVE-2018-7162.json 
@@ -1,71 +1,71 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve-request@iojs.org",
- "DATE_PUBLIC" : "2018-06-12T00:00:00",
- "ID" : "CVE-2018-7162",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Node.js",
- "version" : {
- "version_data" : [
- {
- "version_value" : "9.x+"
- },
- {
- "version_value" : "10.x+"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "The Node.js Project"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node process which provides an http server supporting TLS server to crash. This can be accomplished by sending duplicate/unexpected messages during the handshake. This vulnerability has been addressed by updating the TLS implementation."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Denial of Service"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve-request@iojs.org",
+ "DATE_PUBLIC": "2018-06-12T00:00:00",
+ "ID": "CVE-2018-7162",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Node.js",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "9.x+"
+ },
+ {
+ "version_value": "10.x+"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "The Node.js Project"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/",
- "refsource" : "CONFIRM",
- "url" : "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/"
- },
- {
- "name" : "104468",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/104468"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node process which provides an http server supporting TLS server to crash. This can be accomplished by sending duplicate/unexpected messages during the handshake. This vulnerability has been addressed by updating the TLS implementation."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Denial of Service"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/",
+ "refsource": "CONFIRM",
+ "url": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/"
+ },
+ {
+ "name": "104468",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/104468"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/7xxx/CVE-2018-7219.json b/2018/7xxx/CVE-2018-7219.json
index c6a49aace63..73dd3775d3a 100644
--- a/2018/7xxx/CVE-2018-7219.json
+++ b/2018/7xxx/CVE-2018-7219.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-7219",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "application/admin/controller/Admin.php in NoneCms 1.3.0 has CSRF, as demonstrated by changing an admin password or adding an account via a public/index.php/admin/admin/edit.html request."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-7219",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://foreversong.cn/archives/1081",
- "refsource" : "MISC",
- "url" : "http://foreversong.cn/archives/1081"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "application/admin/controller/Admin.php in NoneCms 1.3.0 has CSRF, as demonstrated by changing an admin password or adding an account via a public/index.php/admin/admin/edit.html request."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://foreversong.cn/archives/1081",
+ "refsource": "MISC",
+ "url": "http://foreversong.cn/archives/1081"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/7xxx/CVE-2018-7589.json b/2018/7xxx/CVE-2018-7589.json
index c9adb359762..5326c3b711c 100644
--- a/2018/7xxx/CVE-2018-7589.json
+++ b/2018/7xxx/CVE-2018-7589.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-7589",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered in CImg v.220. A double free in load_bmp in CImg.h occurs when loading a crafted bmp image."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-7589",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/dtschump/CImg/issues/184",
- "refsource" : "MISC",
- "url" : "https://github.com/dtschump/CImg/issues/184"
- },
- {
- "name" : "https://github.com/xiaoqx/pocs/tree/master/cimg",
- "refsource" : "MISC",
- "url" : "https://github.com/xiaoqx/pocs/tree/master/cimg"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in CImg v.220. A double free in load_bmp in CImg.h occurs when loading a crafted bmp image."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/dtschump/CImg/issues/184",
+ "refsource": "MISC",
+ "url": "https://github.com/dtschump/CImg/issues/184"
+ },
+ {
+ "name": "https://github.com/xiaoqx/pocs/tree/master/cimg",
+ "refsource": "MISC",
+ "url": "https://github.com/xiaoqx/pocs/tree/master/cimg"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/7xxx/CVE-2018-7828.json b/2018/7xxx/CVE-2018-7828.json
index a271ad50e78..25f9e2b986c 100644
--- a/2018/7xxx/CVE-2018-7828.json
+++ b/2018/7xxx/CVE-2018-7828.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-7828",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-7828",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/7xxx/CVE-2018-7879.json b/2018/7xxx/CVE-2018-7879.json
index cf736ba776c..0ae09557929 100644
--- a/2018/7xxx/CVE-2018-7879.json
+++ b/2018/7xxx/CVE-2018-7879.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-7879",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-7879",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file