diff --git a/1999/0xxx/CVE-1999-0708.json b/1999/0xxx/CVE-1999-0708.json index 651ca3d3488..27d6954979b 100644 --- a/1999/0xxx/CVE-1999-0708.json +++ b/1999/0xxx/CVE-1999-0708.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0708", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in cfingerd allows local users to gain root privileges via a long GECOS field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0708", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "651", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/651" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in cfingerd allows local users to gain root privileges via a long GECOS field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "651", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/651" + } + ] + } +} \ No newline at end of file diff --git a/1999/0xxx/CVE-1999-0726.json b/1999/0xxx/CVE-1999-0726.json index fef268f8897..7bf7decbdc9 100644 --- a/1999/0xxx/CVE-1999-0726.json +++ b/1999/0xxx/CVE-1999-0726.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0726", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An attacker can conduct a denial of service in Windows NT by executing a program with a malformed file image header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0726", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS99-023", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-023" - }, - { - "name" : "Q234557", - "refsource" : "MSKB", - "url" : "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q234557" - }, - { - "name" : "499", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/499" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An attacker can conduct a denial of service in Windows NT by executing a program with a malformed file image header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS99-023", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-023" + }, + { + "name": "Q234557", + "refsource": "MSKB", + "url": "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q234557" + }, + { + "name": "499", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/499" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1104.json b/1999/1xxx/CVE-1999-1104.json index 0c93714362c..2d90c89efa1 100644 --- a/1999/1xxx/CVE-1999-1104.json +++ b/1999/1xxx/CVE-1999-1104.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1104", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Windows 95 uses weak encryption for the password list (.pwl) file used when password caching is enabled, which allows local users to gain privileges by decrypting the passwords." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1104", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19951205 Cracked: WINDOWS.PWL", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=87602167418931&w=2" - }, - { - "name" : "19980121 How to recover private keys for various Microsoft products", - "refsource" : "NTBUGTRAQ", - "url" : "http://marc.info/?l=ntbugtraq&m=88540877601866&w=2" - }, - { - "name" : "19980120 How to recover private keys for various Microsoft products", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=88536273725787&w=2" - }, - { - "name" : "Q140557", - "refsource" : "MSKB", - "url" : "http://support.microsoft.com/support/kb/articles/q140/5/57.asp" - }, - { - "name" : "win95-nbsmbpwl(71)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/71.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Windows 95 uses weak encryption for the password list (.pwl) file used when password caching is enabled, which allows local users to gain privileges by decrypting the passwords." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19980120 How to recover private keys for various Microsoft products", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=88536273725787&w=2" + }, + { + "name": "win95-nbsmbpwl(71)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/71.php" + }, + { + "name": "Q140557", + "refsource": "MSKB", + "url": "http://support.microsoft.com/support/kb/articles/q140/5/57.asp" + }, + { + "name": "19951205 Cracked: WINDOWS.PWL", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=87602167418931&w=2" + }, + { + "name": "19980121 How to recover private keys for various Microsoft products", + "refsource": "NTBUGTRAQ", + "url": "http://marc.info/?l=ntbugtraq&m=88540877601866&w=2" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1378.json b/1999/1xxx/CVE-1999-1378.json index 07ea0409fe2..42270c27c3a 100644 --- a/1999/1xxx/CVE-1999-1378.json +++ b/1999/1xxx/CVE-1999-1378.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1378", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "dbmlparser.exe CGI guestbook program does not perform a chroot operation properly, which allows remote attackers to read arbitrary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1378", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19990917 improper chroot in dbmlparser.exe", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=93250710625956&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "dbmlparser.exe CGI guestbook program does not perform a chroot operation properly, which allows remote attackers to read arbitrary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19990917 improper chroot in dbmlparser.exe", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=93250710625956&w=2" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1550.json b/1999/1xxx/CVE-1999-1550.json index dce17ae13e3..15e57b4a093 100644 --- a/1999/1xxx/CVE-1999-1550.json +++ b/1999/1xxx/CVE-1999-1550.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1550", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "bigconf.conf in F5 BIG/ip 2.1.2 and earlier allows remote attackers to read arbitrary files by specifying the target file in the \"file\" parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1550", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19991108 BigIP - bigconf.cgi holes", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=94217006208374&w=2" - }, - { - "name" : "19991109 Re: BigIP - bigconf.cgi holes", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=94217879020184&w=2" - }, - { - "name" : "19991109 ", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=94225879703021&w=2" - }, - { - "name" : "778", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/778" - }, - { - "name" : "bigip-bigconf-view-files(7771)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7771.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "bigconf.conf in F5 BIG/ip 2.1.2 and earlier allows remote attackers to read arbitrary files by specifying the target file in the \"file\" parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "bigip-bigconf-view-files(7771)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7771.php" + }, + { + "refsource": "BUGTRAQ", + "name": "19991109", + "url": "http://marc.info/?l=bugtraq&m=94225879703021&w=2" + }, + { + "name": "778", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/778" + }, + { + "name": "19991108 BigIP - bigconf.cgi holes", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=94217006208374&w=2" + }, + { + "name": "19991109 Re: BigIP - bigconf.cgi holes", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=94217879020184&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0171.json b/2000/0xxx/CVE-2000-0171.json index 57d913859f5..0d17b4341fc 100644 --- a/2000/0xxx/CVE-2000-0171.json +++ b/2000/0xxx/CVE-2000-0171.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0171", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "atsadc in the atsar package for Linux does not properly check the permissions of an output file, which allows local users to gain root privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0171", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000311 TESO advisory -- atsadc", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-03/0102.html" - }, - { - "name" : "1048", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1048" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "atsadc in the atsar package for Linux does not properly check the permissions of an output file, which allows local users to gain root privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1048", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1048" + }, + { + "name": "20000311 TESO advisory -- atsadc", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-03/0102.html" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0179.json b/2000/0xxx/CVE-2000-0179.json index c141f334990..0247d0be910 100644 --- a/2000/0xxx/CVE-2000-0179.json +++ b/2000/0xxx/CVE-2000-0179.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0179", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HP OpenView OmniBack 2.55 allows remote attackers to cause a denial of service via a large number of connections to port 5555." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0179", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000228 HP Omniback remote DoS", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-02/0387.html" - }, - { - "name" : "HPSBUX0006-115", - "refsource" : "HP", - "url" : "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0006-115" - }, - { - "name" : "1015", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1015" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HP OpenView OmniBack 2.55 allows remote attackers to cause a denial of service via a large number of connections to port 5555." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBUX0006-115", + "refsource": "HP", + "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0006-115" + }, + { + "name": "20000228 HP Omniback remote DoS", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-02/0387.html" + }, + { + "name": "1015", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1015" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0267.json b/2000/0xxx/CVE-2000-0267.json index 57ea5905368..96be91f37bf 100644 --- a/2000/0xxx/CVE-2000-0267.json +++ b/2000/0xxx/CVE-2000-0267.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0267", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Catalyst 5.4.x allows a user to gain access to the \"enable\" mode without a password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0267", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000419 Cisco Catalyst Enable Password Bypass Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/catos-enable-bypass-pub.shtml" - }, - { - "name" : "1122", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1122" - }, - { - "name" : "1288", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/1288" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Catalyst 5.4.x allows a user to gain access to the \"enable\" mode without a password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1122", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1122" + }, + { + "name": "1288", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/1288" + }, + { + "name": "20000419 Cisco Catalyst Enable Password Bypass Vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/catos-enable-bypass-pub.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0459.json b/2000/0xxx/CVE-2000-0459.json index 9cfc5a9115c..c4e011548fd 100644 --- a/2000/0xxx/CVE-2000-0459.json +++ b/2000/0xxx/CVE-2000-0459.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0459", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IMP does not remove files properly if the MSWordView application quits, which allows local users to cause a denial of service by filling up the disk space by requesting a large number of documents and prematurely stopping the request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0459", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000424 Two Problems in IMP 2", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=95672120116627&w=2" - }, - { - "name" : "1361", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1361" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IMP does not remove files properly if the MSWordView application quits, which allows local users to cause a denial of service by filling up the disk space by requesting a large number of documents and prematurely stopping the request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1361", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1361" + }, + { + "name": "20000424 Two Problems in IMP 2", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=95672120116627&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0680.json b/2000/0xxx/CVE-2000-0680.json index 957613b8e2d..38c9b807043 100644 --- a/2000/0xxx/CVE-2000-0680.json +++ b/2000/0xxx/CVE-2000-0680.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0680", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The CVS 1.10.8 server does not properly restrict users from creating arbitrary Checkin.prog or Update.prog programs, which allows remote CVS committers to modify or create Trojan horse programs with the Checkin.prog or Update.prog names, then performing a CVS commit action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0680", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000728 cvs security problem", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3Dhvou2daoebb.fsf%40serein.m17n.org" - }, - { - "name" : "1524", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1524" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The CVS 1.10.8 server does not properly restrict users from creating arbitrary Checkin.prog or Update.prog programs, which allows remote CVS committers to modify or create Trojan horse programs with the Checkin.prog or Update.prog names, then performing a CVS commit action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20000728 cvs security problem", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3Dhvou2daoebb.fsf%40serein.m17n.org" + }, + { + "name": "1524", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1524" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0807.json b/2000/0xxx/CVE-2000-0807.json index 92466c8cd41..92d5341aafe 100644 --- a/2000/0xxx/CVE-2000-0807.json +++ b/2000/0xxx/CVE-2000-0807.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0807", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The OPSEC communications authentication mechanism (fwn1) in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to spoof connections, aka the \"OPSEC Authentication Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0807", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.checkpoint.com/techsupport/alerts/list_vun.html#OPSEC_Authentication", - "refsource" : "CONFIRM", - "url" : "http://www.checkpoint.com/techsupport/alerts/list_vun.html#OPSEC_Authentication" - }, - { - "name" : "fw1-opsec-auth-spoof(5471)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5471" - }, - { - "name" : "4420", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4420" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The OPSEC communications authentication mechanism (fwn1) in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to spoof connections, aka the \"OPSEC Authentication Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.checkpoint.com/techsupport/alerts/list_vun.html#OPSEC_Authentication", + "refsource": "CONFIRM", + "url": "http://www.checkpoint.com/techsupport/alerts/list_vun.html#OPSEC_Authentication" + }, + { + "name": "fw1-opsec-auth-spoof(5471)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5471" + }, + { + "name": "4420", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4420" + } + ] + } +} \ No newline at end of file diff --git a/2000/1xxx/CVE-2000-1018.json b/2000/1xxx/CVE-2000-1018.json index 312340b2c74..6dab5b30105 100644 --- a/2000/1xxx/CVE-2000-1018.json +++ b/2000/1xxx/CVE-2000-1018.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-1018", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "shred 1.0 file wiping utility does not properly open a file for overwriting or flush its buffers, which prevents shred from properly replacing the file's data and allows local users to recover the file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-1018", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001010 Shred 1.0 Bug Report", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=97119799515246&w=2" - }, - { - "name" : "20001011 Shred v1.0 Fix", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=97131166004145&w=2" - }, - { - "name" : "1788", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1788" - }, - { - "name" : "shred-recover-files(5722)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5722" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "shred 1.0 file wiping utility does not properly open a file for overwriting or flush its buffers, which prevents shred from properly replacing the file's data and allows local users to recover the file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "shred-recover-files(5722)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5722" + }, + { + "name": "20001011 Shred v1.0 Fix", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=97131166004145&w=2" + }, + { + "name": "20001010 Shred 1.0 Bug Report", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=97119799515246&w=2" + }, + { + "name": "1788", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1788" + } + ] + } +} \ No newline at end of file diff --git a/2000/1xxx/CVE-2000-1246.json b/2000/1xxx/CVE-2000-1246.json index 994a08d2d9f..45a4d8eea14 100644 --- a/2000/1xxx/CVE-2000-1246.json +++ b/2000/1xxx/CVE-2000-1246.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-1246", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NWFTPD.nlm before 5.01o in the FTP server in Novell NetWare 5.1 SP3 allows remote authenticated users to cause a denial of service (abend) by sending an RNTO command after a failed RNFR command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-1246", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NWFTPD.nlm before 5.01o in the FTP server in Novell NetWare 5.1 SP3 allows remote authenticated users to cause a denial of service (abend) by sending an RNTO command after a failed RNFR command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2588.json b/2005/2xxx/CVE-2005-2588.json index f8318a449ba..93e08130848 100644 --- a/2005/2xxx/CVE-2005-2588.json +++ b/2005/2xxx/CVE-2005-2588.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2588", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in DVBBS 7.1 SP2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the page parameter to dispbbs.asp, (2) name parameter to dispuser.asp, or the (3) title, (4) view, or (5) act parameter to boardhelp.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2588", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lostmon.blogspot.com/2005/08/dvbbs-multiple-variable-cross-site.html", - "refsource" : "MISC", - "url" : "http://lostmon.blogspot.com/2005/08/dvbbs-multiple-variable-cross-site.html" - }, - { - "name" : "14498", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14498" - }, - { - "name" : "18512", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/18512" - }, - { - "name" : "1014632", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014632" - }, - { - "name" : "16131", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16131" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in DVBBS 7.1 SP2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the page parameter to dispbbs.asp, (2) name parameter to dispuser.asp, or the (3) title, (4) view, or (5) act parameter to boardhelp.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14498", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14498" + }, + { + "name": "18512", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/18512" + }, + { + "name": "1014632", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014632" + }, + { + "name": "16131", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16131" + }, + { + "name": "http://lostmon.blogspot.com/2005/08/dvbbs-multiple-variable-cross-site.html", + "refsource": "MISC", + "url": "http://lostmon.blogspot.com/2005/08/dvbbs-multiple-variable-cross-site.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2769.json b/2005/2xxx/CVE-2005-2769.json index 3e4c9142fb2..ad8fd207db1 100644 --- a/2005/2xxx/CVE-2005-2769.json +++ b/2005/2xxx/CVE-2005-2769.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2769", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via an HTML e-mail containing tags with strings that contain \">\" or other special characters, which is not properly sanitized by SqWebMail." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2769", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050829 Secunia Research: SqWebMail HTML Emails Script Insertion", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112534112715638&w=2" - }, - { - "name" : "20050829 Secunia Research: SqWebMail HTML Emails Script Insertion Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2005/Aug/975" - }, - { - "name" : "http://secunia.com/secunia_research/2005-39/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2005-39/advisory/" - }, - { - "name" : "USN-201-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-201-1" - }, - { - "name" : "14676", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14676" - }, - { - "name" : "16600", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16600/" - }, - { - "name" : "17156", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17156" - }, - { - "name" : "sqwebmail-html-xss(22043)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22043" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via an HTML e-mail containing tags with strings that contain \">\" or other special characters, which is not properly sanitized by SqWebMail." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16600", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16600/" + }, + { + "name": "20050829 Secunia Research: SqWebMail HTML Emails Script Insertion Vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2005/Aug/975" + }, + { + "name": "http://secunia.com/secunia_research/2005-39/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2005-39/advisory/" + }, + { + "name": "14676", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14676" + }, + { + "name": "17156", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17156" + }, + { + "name": "sqwebmail-html-xss(22043)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22043" + }, + { + "name": "USN-201-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-201-1" + }, + { + "name": "20050829 Secunia Research: SqWebMail HTML Emails Script Insertion", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112534112715638&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2892.json b/2005/2xxx/CVE-2005-2892.json index f3f94acbc71..490cd510c57 100644 --- a/2005/2xxx/CVE-2005-2892.json +++ b/2005/2xxx/CVE-2005-2892.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2892", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in setcookie.php in PBLang 4.65, and possibly earlier versions, allows remote attackers to read arbitrary files via \"..\" sequences and \"%00\" (trailing null byte) in the u parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2892", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050907 PBLang 4.65 (possibly prior versions) remote code execution / administrative credentials disclosure / system information disclosure / cross site scripting / path disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112611338417979&w=2" - }, - { - "name" : "14765", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14765" - }, - { - "name" : "1014861", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/alerts/2005/Sep/1014861.html" - }, - { - "name" : "16711", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16711/" - }, - { - "name" : "pblang-directory-traversal(22185)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22185" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in setcookie.php in PBLang 4.65, and possibly earlier versions, allows remote attackers to read arbitrary files via \"..\" sequences and \"%00\" (trailing null byte) in the u parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1014861", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/alerts/2005/Sep/1014861.html" + }, + { + "name": "20050907 PBLang 4.65 (possibly prior versions) remote code execution / administrative credentials disclosure / system information disclosure / cross site scripting / path disclosure", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112611338417979&w=2" + }, + { + "name": "14765", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14765" + }, + { + "name": "16711", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16711/" + }, + { + "name": "pblang-directory-traversal(22185)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22185" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3090.json b/2005/3xxx/CVE-2005-3090.json index 8ec09a5b569..fe7cdff6970 100644 --- a/2005/3xxx/CVE-2005-3090.json +++ b/2005/3xxx/CVE-2005-3090.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3090", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in bug_actiongroup_page.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the summary of the bug, which is not quoted when view_all_bug_page.php is used to delete the bug, as identified by bug#0006002, a different vulnerability than CVE-2005-2557." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3090", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050926 Mantis Bugtracker - Remote Database Scanner and XSS Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112786017426276&w=2" - }, - { - "name" : "DSA-778", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-778" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in bug_actiongroup_page.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the summary of the bug, which is not quoted when view_all_bug_page.php is used to delete the bug, as identified by bug#0006002, a different vulnerability than CVE-2005-2557." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-778", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-778" + }, + { + "name": "20050926 Mantis Bugtracker - Remote Database Scanner and XSS Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112786017426276&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3437.json b/2005/3xxx/CVE-2005-3437.json index f960007c479..13d857fe8a9 100644 --- a/2005/3xxx/CVE-2005-3437.json +++ b/2005/3xxx/CVE-2005-3437.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3437", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PL/SQL component in Oracle Database Server 9i up to 10.1.0.4 has unknown impact and attack vectors, aka Oracle Vuln# DB01." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3437", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html" - }, - { - "name" : "TA05-292A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA05-292A.html" - }, - { - "name" : "VU#210524", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/210524" - }, - { - "name" : "15134", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15134" - }, - { - "name" : "17250", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PL/SQL component in Oracle Database Server 9i up to 10.1.0.4 has unknown impact and attack vectors, aka Oracle Vuln# DB01." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html" + }, + { + "name": "TA05-292A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA05-292A.html" + }, + { + "name": "15134", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15134" + }, + { + "name": "VU#210524", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/210524" + }, + { + "name": "17250", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17250" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3662.json b/2005/3xxx/CVE-2005-3662.json index f8a3c7455ed..4a79cfd72ed 100644 --- a/2005/3xxx/CVE-2005-3662.json +++ b/2005/3xxx/CVE-2005-3662.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3662", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Off-by-one buffer overflow in pnmtopng before 2.39, when using the -alpha command line option (Alphas_Of_Color), allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PNM file with exactly 256 colors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-3662", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=370545", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=370545" - }, - { - "name" : "DSA-904", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-904" - }, - { - "name" : "MDKSA-2005:217", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:217" - }, - { - "name" : "RHSA-2005:843", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-843.html" - }, - { - "name" : "20060101-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U" - }, - { - "name" : "SUSE-SR:2005:028", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_28_sr.html" - }, - { - "name" : "USN-218-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/218-1/" - }, - { - "name" : "15427", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15427" - }, - { - "name" : "oval:org.mitre.oval:def:9583", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9583" - }, - { - "name" : "ADV-2005-2418", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2418" - }, - { - "name" : "17544", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17544" - }, - { - "name" : "17679", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17679" - }, - { - "name" : "17828", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17828" - }, - { - "name" : "18186", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18186" - }, - { - "name" : "18517", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18517" - }, - { - "name" : "17671", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Off-by-one buffer overflow in pnmtopng before 2.39, when using the -alpha command line option (Alphas_Of_Color), allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PNM file with exactly 256 colors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:9583", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9583" + }, + { + "name": "SUSE-SR:2005:028", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html" + }, + { + "name": "RHSA-2005:843", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-843.html" + }, + { + "name": "15427", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15427" + }, + { + "name": "17544", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17544" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=370545", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=370545" + }, + { + "name": "20060101-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U" + }, + { + "name": "ADV-2005-2418", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2418" + }, + { + "name": "MDKSA-2005:217", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:217" + }, + { + "name": "17679", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17679" + }, + { + "name": "17828", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17828" + }, + { + "name": "18186", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18186" + }, + { + "name": "18517", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18517" + }, + { + "name": "17671", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17671" + }, + { + "name": "USN-218-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/218-1/" + }, + { + "name": "DSA-904", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-904" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3783.json b/2005/3xxx/CVE-2005-3783.json index 2ade1e6c454..735d5dc25aa 100644 --- a/2005/3xxx/CVE-2005-3783.json +++ b/2005/3xxx/CVE-2005-3783.json @@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3783", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ptrace functionality (ptrace.c) in Linux kernel 2.6 before 2.6.14.2, using CLONE_THREAD, does not use the thread group ID to check whether it is attaching to itself, which allows local users to cause a denial of service (crash)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3783", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kernel.org/git/?p=linux/kernel/git/gregkh/linux-2.6.14.y.git;a=commit;h=082d52c56f642d21b771a13221068d40915a1409", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/git/?p=linux/kernel/git/gregkh/linux-2.6.14.y.git;a=commit;h=082d52c56f642d21b771a13221068d40915a1409" - }, - { - "name" : "http://www.kernel.org/git/?p=linux/kernel/git/gregkh/linux-2.6.14.y.git;a=blobdiff;h=fcfc4568b45f3f190ba320b0d5853836921cb8bc;hp=019e04ec065a55d8f28157d3a1f7ba06cafd347f;hb=082d52c56f642d21b771a13221068d40915a1409;f=kernel/ptrace.c", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/git/?p=linux/kernel/git/gregkh/linux-2.6.14.y.git;a=blobdiff;h=fcfc4568b45f3f190ba320b0d5853836921cb8bc;hp=019e04ec065a55d8f28157d3a1f7ba06cafd347f;hb=082d52c56f642d21b771a13221068d40915a1409;f=kernel/ptrace.c" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.14.2", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.14.2" - }, - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174075", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174075" - }, - { - "name" : "DSA-1017", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1017" - }, - { - "name" : "DSA-1018", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1018" - }, - { - "name" : "MDKSA-2006:018", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:018" - }, - { - "name" : "MDKSA-2006:072", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:072" - }, - { - "name" : "20060402-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060402-01-U" - }, - { - "name" : "SUSE-SA:2005:067", - "refsource" : "SUSE", - "url" : "http://www.securityfocus.com/advisories/9806" - }, - { - "name" : "SUSE-SA:2005:068", - "refsource" : "SUSE", - "url" : "http://www.securityfocus.com/archive/1/419522/100/0/threaded" - }, - { - "name" : "USN-231-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/231-1/" - }, - { - "name" : "15642", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15642" - }, - { - "name" : "17761", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17761" - }, - { - "name" : "17917", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17917" - }, - { - "name" : "17918", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17918" - }, - { - "name" : "18203", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18203" - }, - { - "name" : "17787", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17787" - }, - { - "name" : "19374", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19374" - }, - { - "name" : "19369", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19369" - }, - { - "name" : "19607", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19607" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ptrace functionality (ptrace.c) in Linux kernel 2.6 before 2.6.14.2, using CLONE_THREAD, does not use the thread group ID to check whether it is attaching to itself, which allows local users to cause a denial of service (crash)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17917", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17917" + }, + { + "name": "http://www.kernel.org/git/?p=linux/kernel/git/gregkh/linux-2.6.14.y.git;a=blobdiff;h=fcfc4568b45f3f190ba320b0d5853836921cb8bc;hp=019e04ec065a55d8f28157d3a1f7ba06cafd347f;hb=082d52c56f642d21b771a13221068d40915a1409;f=kernel/ptrace.c", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/git/?p=linux/kernel/git/gregkh/linux-2.6.14.y.git;a=blobdiff;h=fcfc4568b45f3f190ba320b0d5853836921cb8bc;hp=019e04ec065a55d8f28157d3a1f7ba06cafd347f;hb=082d52c56f642d21b771a13221068d40915a1409;f=kernel/ptrace.c" + }, + { + "name": "SUSE-SA:2005:067", + "refsource": "SUSE", + "url": "http://www.securityfocus.com/advisories/9806" + }, + { + "name": "19369", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19369" + }, + { + "name": "18203", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18203" + }, + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174075", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174075" + }, + { + "name": "DSA-1018", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1018" + }, + { + "name": "19607", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19607" + }, + { + "name": "SUSE-SA:2005:068", + "refsource": "SUSE", + "url": "http://www.securityfocus.com/archive/1/419522/100/0/threaded" + }, + { + "name": "http://www.kernel.org/git/?p=linux/kernel/git/gregkh/linux-2.6.14.y.git;a=commit;h=082d52c56f642d21b771a13221068d40915a1409", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/git/?p=linux/kernel/git/gregkh/linux-2.6.14.y.git;a=commit;h=082d52c56f642d21b771a13221068d40915a1409" + }, + { + "name": "17761", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17761" + }, + { + "name": "20060402-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060402-01-U" + }, + { + "name": "MDKSA-2006:018", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:018" + }, + { + "name": "MDKSA-2006:072", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:072" + }, + { + "name": "17918", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17918" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.14.2", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.14.2" + }, + { + "name": "DSA-1017", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1017" + }, + { + "name": "15642", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15642" + }, + { + "name": "19374", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19374" + }, + { + "name": "USN-231-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/231-1/" + }, + { + "name": "17787", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17787" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3800.json b/2005/3xxx/CVE-2005-3800.json index 642ded9ecec..0125aa2870c 100644 --- a/2005/3xxx/CVE-2005-3800.json +++ b/2005/3xxx/CVE-2005-3800.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3800", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Macromedia Contribute Publishing Server (CPS) before 1.11 uses a weak algorithm to encrypt user password in connection keys that use shared FTP login credentials, which allows attackers to obtain sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3800", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.macromedia.com/devnet/security/security_zone/mpsb05-08.html", - "refsource" : "CONFIRM", - "url" : "http://www.macromedia.com/devnet/security/security_zone/mpsb05-08.html" - }, - { - "name" : "15438", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15438" - }, - { - "name" : "ADV-2005-2440", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2440" - }, - { - "name" : "1015221", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015221" - }, - { - "name" : "17613", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17613/" - }, - { - "name" : "contribute-publishing-weak-encryption(23081)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23081" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Macromedia Contribute Publishing Server (CPS) before 1.11 uses a weak algorithm to encrypt user password in connection keys that use shared FTP login credentials, which allows attackers to obtain sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1015221", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015221" + }, + { + "name": "contribute-publishing-weak-encryption(23081)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23081" + }, + { + "name": "ADV-2005-2440", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2440" + }, + { + "name": "17613", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17613/" + }, + { + "name": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-08.html", + "refsource": "CONFIRM", + "url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-08.html" + }, + { + "name": "15438", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15438" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2137.json b/2009/2xxx/CVE-2009-2137.json index 2163e1529ee..378e3cd594c 100644 --- a/2009/2xxx/CVE-2009-2137.json +++ b/2009/2xxx/CVE-2009-2137.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2137", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in the Ultra-SPARC T2 crypto provider device driver (aka n2cp) in Sun Solaris 10, and OpenSolaris snv_54 through snv_112, allows context-dependent attackers to cause a denial of service (memory consumption) via unspecified vectors related to a large keylen value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2137", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-140386-03-1", - "refsource" : "CONFIRM", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-140386-03-1" - }, - { - "name" : "258828", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-258828-1" - }, - { - "name" : "55234", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55234" - }, - { - "name" : "35403", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35403" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in the Ultra-SPARC T2 crypto provider device driver (aka n2cp) in Sun Solaris 10, and OpenSolaris snv_54 through snv_112, allows context-dependent attackers to cause a denial of service (memory consumption) via unspecified vectors related to a large keylen value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "258828", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-258828-1" + }, + { + "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-140386-03-1", + "refsource": "CONFIRM", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-140386-03-1" + }, + { + "name": "55234", + "refsource": "OSVDB", + "url": "http://osvdb.org/55234" + }, + { + "name": "35403", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35403" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2179.json b/2009/2xxx/CVE-2009-2179.json index 56841295013..e3ea2055a3b 100644 --- a/2009/2xxx/CVE-2009-2179.json +++ b/2009/2xxx/CVE-2009-2179.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2179", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in search.php in phpDatingClub 3.7 allows remote attackers to execute arbitrary SQL commands via the sform[day] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2179", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8990", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8990" - }, - { - "name" : "55315", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55315" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in search.php in phpDatingClub 3.7 allows remote attackers to execute arbitrary SQL commands via the sform[day] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8990", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8990" + }, + { + "name": "55315", + "refsource": "OSVDB", + "url": "http://osvdb.org/55315" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2350.json b/2009/2xxx/CVE-2009-2350.json index 26c151530b9..f9f5d51edec 100644 --- a/2009/2xxx/CVE-2009-2350.json +++ b/2009/2xxx/CVE-2009-2350.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2350", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6.0.2900.2180 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header, a related issue to CVE-2009-1312." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2350", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090702 Cross-Site Scripting vulnerabilities in Mozilla, Internet Explorer, Opera and Chrome", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/504718/100/0/threaded" - }, - { - "name" : "20090703 Re: Cross-Site Scripting vulnerabilities in Mozilla, Internet Explorer, Opera and Chrome", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/504723/100/0/threaded" - }, - { - "name" : "http://websecurity.com.ua/3275/", - "refsource" : "MISC", - "url" : "http://websecurity.com.ua/3275/" - }, - { - "name" : "http://websecurity.com.ua/3386/", - "refsource" : "MISC", - "url" : "http://websecurity.com.ua/3386/" - }, - { - "name" : "35570", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35570" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6.0.2900.2180 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header, a related issue to CVE-2009-1312." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://websecurity.com.ua/3386/", + "refsource": "MISC", + "url": "http://websecurity.com.ua/3386/" + }, + { + "name": "http://websecurity.com.ua/3275/", + "refsource": "MISC", + "url": "http://websecurity.com.ua/3275/" + }, + { + "name": "20090703 Re: Cross-Site Scripting vulnerabilities in Mozilla, Internet Explorer, Opera and Chrome", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/504723/100/0/threaded" + }, + { + "name": "20090702 Cross-Site Scripting vulnerabilities in Mozilla, Internet Explorer, Opera and Chrome", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/504718/100/0/threaded" + }, + { + "name": "35570", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35570" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2489.json b/2009/2xxx/CVE-2009-2489.json index 9c39ca24147..f0512df34f9 100644 --- a/2009/2xxx/CVE-2009-2489.json +++ b/2009/2xxx/CVE-2009-2489.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2489", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the utdmsession program in Sun Ray Server Software (SRSS) 4.0 allows local users to access the sessions of arbitrary users via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2489", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-127553-06-1", - "refsource" : "CONFIRM", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-127553-06-1" - }, - { - "name" : "252226", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-252226-1" - }, - { - "name" : "ADV-2009-1915", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1915" - }, - { - "name" : "sunray-utdmsession-unauth-acces(51743)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51743" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the utdmsession program in Sun Ray Server Software (SRSS) 4.0 allows local users to access the sessions of arbitrary users via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sunray-utdmsession-unauth-acces(51743)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51743" + }, + { + "name": "252226", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-252226-1" + }, + { + "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-127553-06-1", + "refsource": "CONFIRM", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-127553-06-1" + }, + { + "name": "ADV-2009-1915", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1915" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2644.json b/2009/2xxx/CVE-2009-2644.json index 057f70fd02a..68dcac381a0 100644 --- a/2009/2xxx/CVE-2009-2644.json +++ b/2009/2xxx/CVE-2009-2644.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2644", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the Solaris Auditing subsystem in Sun Solaris 9 and 10 and OpenSolaris before snv_121, when extended file attributes are used, allows local users to cause a denial of service (panic) via vectors related to \"pathnames for invalid fds.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2644", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-122300-42-1", - "refsource" : "CONFIRM", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-122300-42-1" - }, - { - "name" : "264429", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264429-1" - }, - { - "name" : "1020766", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020766.1-1" - }, - { - "name" : "35835", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35835" - }, - { - "name" : "oval:org.mitre.oval:def:6168", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6168" - }, - { - "name" : "36042", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36042" - }, - { - "name" : "ADV-2009-2022", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2022" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the Solaris Auditing subsystem in Sun Solaris 9 and 10 and OpenSolaris before snv_121, when extended file attributes are used, allows local users to cause a denial of service (panic) via vectors related to \"pathnames for invalid fds.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-2022", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2022" + }, + { + "name": "1020766", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020766.1-1" + }, + { + "name": "oval:org.mitre.oval:def:6168", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6168" + }, + { + "name": "264429", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264429-1" + }, + { + "name": "36042", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36042" + }, + { + "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-122300-42-1", + "refsource": "CONFIRM", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-122300-42-1" + }, + { + "name": "35835", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35835" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2949.json b/2009/2xxx/CVE-2009-2949.json index 6d2d8a56734..c775ab76a01 100644 --- a/2009/2xxx/CVE-2009-2949.json +++ b/2009/2xxx/CVE-2009-2949.json @@ -1,177 +1,177 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2949", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the XPMReader::ReadXPM function in filter.vcl/ixpm/svt_xpmread.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to execute arbitrary code via a crafted XPM file that triggers a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2949", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.openoffice.org/security/bulletin.html", - "refsource" : "CONFIRM", - "url" : "http://www.openoffice.org/security/bulletin.html" - }, - { - "name" : "http://www.openoffice.org/security/cves/CVE-2009-2949.html", - "refsource" : "CONFIRM", - "url" : "http://www.openoffice.org/security/cves/CVE-2009-2949.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=527540", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=527540" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" - }, - { - "name" : "DSA-1995", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-1995" - }, - { - "name" : "GLSA-201408-19", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml" - }, - { - "name" : "MDVSA-2010:221", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:221" - }, - { - "name" : "RHSA-2010:0101", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0101.html" - }, - { - "name" : "SUSE-SA:2010:017", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html" - }, - { - "name" : "USN-903-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-903-1" - }, - { - "name" : "TA10-287A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" - }, - { - "name" : "38218", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38218" - }, - { - "name" : "oval:org.mitre.oval:def:10176", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10176" - }, - { - "name" : "1023591", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023591" - }, - { - "name" : "38567", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38567" - }, - { - "name" : "38568", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38568" - }, - { - "name" : "38695", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38695" - }, - { - "name" : "38921", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38921" - }, - { - "name" : "60799", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60799" - }, - { - "name" : "41818", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41818" - }, - { - "name" : "ADV-2010-0366", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0366" - }, - { - "name" : "ADV-2010-0635", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0635" - }, - { - "name" : "ADV-2010-2905", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2905" - }, - { - "name" : "openoffice-xpm-bo(56236)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56236" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the XPMReader::ReadXPM function in filter.vcl/ixpm/svt_xpmread.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to execute arbitrary code via a crafted XPM file that triggers a heap-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2010:221", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:221" + }, + { + "name": "60799", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60799" + }, + { + "name": "GLSA-201408-19", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml" + }, + { + "name": "38695", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38695" + }, + { + "name": "DSA-1995", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-1995" + }, + { + "name": "http://www.openoffice.org/security/cves/CVE-2009-2949.html", + "refsource": "CONFIRM", + "url": "http://www.openoffice.org/security/cves/CVE-2009-2949.html" + }, + { + "name": "USN-903-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-903-1" + }, + { + "name": "ADV-2010-0366", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0366" + }, + { + "name": "SUSE-SA:2010:017", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html" + }, + { + "name": "38567", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38567" + }, + { + "name": "oval:org.mitre.oval:def:10176", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10176" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" + }, + { + "name": "38218", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38218" + }, + { + "name": "ADV-2010-0635", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0635" + }, + { + "name": "38568", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38568" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=527540", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=527540" + }, + { + "name": "1023591", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023591" + }, + { + "name": "openoffice-xpm-bo(56236)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56236" + }, + { + "name": "http://www.openoffice.org/security/bulletin.html", + "refsource": "CONFIRM", + "url": "http://www.openoffice.org/security/bulletin.html" + }, + { + "name": "41818", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41818" + }, + { + "name": "TA10-287A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" + }, + { + "name": "RHSA-2010:0101", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0101.html" + }, + { + "name": "38921", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38921" + }, + { + "name": "ADV-2010-2905", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2905" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3045.json b/2009/3xxx/CVE-2009-3045.json index 0e2f999206a..35a36e98e7d 100644 --- a/2009/3xxx/CVE-2009-3045.json +++ b/2009/3xxx/CVE-2009-3045.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3045", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera before 10.00 trusts root X.509 certificates signed with the MD2 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted server certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3045", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/freebsd/1000/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/freebsd/1000/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/linux/1000/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/linux/1000/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/mac/1000/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/mac/1000/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/solaris/1000/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/solaris/1000/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/windows/1000/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/windows/1000/" - }, - { - "name" : "http://www.opera.com/support/kb/view/933/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/support/kb/view/933/" - }, - { - "name" : "oval:org.mitre.oval:def:6442", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6442" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera before 10.00 trusts root X.509 certificates signed with the MD2 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted server certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.opera.com/docs/changelogs/freebsd/1000/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/freebsd/1000/" + }, + { + "name": "oval:org.mitre.oval:def:6442", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6442" + }, + { + "name": "http://www.opera.com/docs/changelogs/solaris/1000/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/solaris/1000/" + }, + { + "name": "http://www.opera.com/docs/changelogs/linux/1000/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/linux/1000/" + }, + { + "name": "http://www.opera.com/support/kb/view/933/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/support/kb/view/933/" + }, + { + "name": "http://www.opera.com/docs/changelogs/windows/1000/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/windows/1000/" + }, + { + "name": "http://www.opera.com/docs/changelogs/mac/1000/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/mac/1000/" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3913.json b/2009/3xxx/CVE-2009-3913.json index 04d8498fdf4..c2fc2ab6e53 100644 --- a/2009/3xxx/CVE-2009-3913.json +++ b/2009/3xxx/CVE-2009-3913.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3913", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in summary.php in Xerox Fiery Webtools allows remote attackers to execute arbitrary SQL commands via the select parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3913", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091103 New vulnerability in Xerox Fiery Webtools", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507650/100/0/threaded" - }, - { - "name" : "36906", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36906" - }, - { - "name" : "webtools-summary-sql-injection(54137)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54137" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in summary.php in Xerox Fiery Webtools allows remote attackers to execute arbitrary SQL commands via the select parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20091103 New vulnerability in Xerox Fiery Webtools", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507650/100/0/threaded" + }, + { + "name": "webtools-summary-sql-injection(54137)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54137" + }, + { + "name": "36906", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36906" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3965.json b/2009/3xxx/CVE-2009-3965.json index 0bb0a814e62..905d9e3c956 100644 --- a/2009/3xxx/CVE-2009-3965.json +++ b/2009/3xxx/CVE-2009-3965.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3965", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in rating.php in New 5 star Rating 1.0 allows remote attackers to execute arbitrary SQL commands via the det parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3965", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9499", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9499" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in rating.php in New 5 star Rating 1.0 allows remote attackers to execute arbitrary SQL commands via the det parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9499", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9499" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0234.json b/2015/0xxx/CVE-2015-0234.json index fa65441d0cd..92008a81075 100644 --- a/2015/0xxx/CVE-2015-0234.json +++ b/2015/0xxx/CVE-2015-0234.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0234", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple temporary file creation vulnerabilities in pki-core 10.2.0." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-0234", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-0234.html", - "refsource" : "MISC", - "url" : "https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-0234.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1183176", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1183176" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple temporary file creation vulnerabilities in pki-core 10.2.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1183176", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183176" + }, + { + "name": "https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-0234.html", + "refsource": "MISC", + "url": "https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-0234.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0352.json b/2015/0xxx/CVE-2015-0352.json index c19cfb7b305..fb400c7cff7 100644 --- a/2015/0xxx/CVE-2015-0352.json +++ b/2015/0xxx/CVE-2015-0352.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0352", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-0352", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-06.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-06.html" - }, - { - "name" : "GLSA-201504-07", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201504-07" - }, - { - "name" : "RHSA-2015:0813", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0813.html" - }, - { - "name" : "SUSE-SU-2015:0722", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00011.html" - }, - { - "name" : "SUSE-SU-2015:0723", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00012.html" - }, - { - "name" : "openSUSE-SU-2015:0718", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html" - }, - { - "name" : "openSUSE-SU-2015:0725", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html" - }, - { - "name" : "74062", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74062" - }, - { - "name" : "1032105", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032105" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2015:0718", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html" + }, + { + "name": "SUSE-SU-2015:0722", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00011.html" + }, + { + "name": "74062", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74062" + }, + { + "name": "GLSA-201504-07", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201504-07" + }, + { + "name": "1032105", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032105" + }, + { + "name": "RHSA-2015:0813", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0813.html" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-06.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-06.html" + }, + { + "name": "openSUSE-SU-2015:0725", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html" + }, + { + "name": "SUSE-SU-2015:0723", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00012.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0774.json b/2015/0xxx/CVE-2015-0774.json index d7451ef3a75..e02e5366089 100644 --- a/2015/0xxx/CVE-2015-0774.json +++ b/2015/0xxx/CVE-2015-0774.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0774", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Cisco Application and Content Networking System (ACNS) 5.5(9) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuu70650." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0774", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150609 Cisco Application and Content Networking System URL Page Return Cross-Site Scripting Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=39257" - }, - { - "name" : "1032539", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032539" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Cisco Application and Content Networking System (ACNS) 5.5(9) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuu70650." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032539", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032539" + }, + { + "name": "20150609 Cisco Application and Content Networking System URL Page Return Cross-Site Scripting Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39257" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0786.json b/2015/0xxx/CVE-2015-0786.json index 7dce1a70cb7..206c7792bc8 100644 --- a/2015/0xxx/CVE-2015-0786.json +++ b/2015/0xxx/CVE-2015-0786.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0786", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the logging functionality in the Preboot Policy service in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "ID": "CVE-2015-0786", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-153", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-153" - }, - { - "name" : "https://www.novell.com/support/kb/doc.php?id=7016431", - "refsource" : "CONFIRM", - "url" : "https://www.novell.com/support/kb/doc.php?id=7016431" - }, - { - "name" : "74290", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74290" - }, - { - "name" : "1032166", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032166" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the logging functionality in the Preboot Policy service in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032166", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032166" + }, + { + "name": "https://www.novell.com/support/kb/doc.php?id=7016431", + "refsource": "CONFIRM", + "url": "https://www.novell.com/support/kb/doc.php?id=7016431" + }, + { + "name": "74290", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74290" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-153", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-153" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0868.json b/2015/0xxx/CVE-2015-0868.json index 86232b7db44..34583e8359a 100644 --- a/2015/0xxx/CVE-2015-0868.json +++ b/2015/0xxx/CVE-2015-0868.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0868", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in Mrs. Shiromuku Perl CGI shiromuku(bu2)BBS before 2.91 allows remote attackers to execute arbitrary code by uploading an executable file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2015-0868", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.t-okada.com/cgi-bin/sb2_data/sb2_data_news.cgi?action=data_list&cat=16#495", - "refsource" : "CONFIRM", - "url" : "http://www.t-okada.com/cgi-bin/sb2_data/sb2_data_news.cgi?action=data_list&cat=16#495" - }, - { - "name" : "JVN#94502417", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN94502417/index.html" - }, - { - "name" : "JVNDB-2015-000008", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000008" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in Mrs. Shiromuku Perl CGI shiromuku(bu2)BBS before 2.91 allows remote attackers to execute arbitrary code by uploading an executable file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2015-000008", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000008" + }, + { + "name": "JVN#94502417", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN94502417/index.html" + }, + { + "name": "http://www.t-okada.com/cgi-bin/sb2_data/sb2_data_news.cgi?action=data_list&cat=16#495", + "refsource": "CONFIRM", + "url": "http://www.t-okada.com/cgi-bin/sb2_data/sb2_data_news.cgi?action=data_list&cat=16#495" + } + ] + } +} \ No newline at end of file diff --git a/2015/1000xxx/CVE-2015-1000003.json b/2015/1000xxx/CVE-2015-1000003.json index 9dcbc32ea56..2bee13e4ca0 100644 --- a/2015/1000xxx/CVE-2015-1000003.json +++ b/2015/1000xxx/CVE-2015-1000003.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1000003", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Blind SQL Injection in filedownload v1.4 wordpress plugin" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1000003", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.vapidlabs.com/advisory.php?v=140", - "refsource" : "MISC", - "url" : "http://www.vapidlabs.com/advisory.php?v=140" - }, - { - "name" : "97106", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97106" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Blind SQL Injection in filedownload v1.4 wordpress plugin" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vapidlabs.com/advisory.php?v=140", + "refsource": "MISC", + "url": "http://www.vapidlabs.com/advisory.php?v=140" + }, + { + "name": "97106", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97106" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1824.json b/2015/1xxx/CVE-2015-1824.json index 6f4a7225318..4b36fd2c1b1 100644 --- a/2015/1xxx/CVE-2015-1824.json +++ b/2015/1xxx/CVE-2015-1824.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1824", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1824", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1892.json b/2015/1xxx/CVE-2015-1892.json index bb162976c38..b8973652011 100644 --- a/2015/1xxx/CVE-2015-1892.json +++ b/2015/1xxx/CVE-2015-1892.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1892", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Multicast DNS (mDNS) responder in IBM Security Access Manager for Web 7.x before 7.0.0 FP12 and 8.x before 8.0.1 FP1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-1892", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21699497", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21699497" - }, - { - "name" : "IV70911", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV70911" - }, - { - "name" : "IV70913", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV70913" - }, - { - "name" : "VU#550620", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/550620" - }, - { - "name" : "73683", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73683" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Multicast DNS (mDNS) responder in IBM Security Access Manager for Web 7.x before 7.0.0 FP12 and 8.x before 8.0.1 FP1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "73683", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73683" + }, + { + "name": "VU#550620", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/550620" + }, + { + "name": "IV70911", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV70911" + }, + { + "name": "IV70913", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV70913" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21699497", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699497" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4009.json b/2015/4xxx/CVE-2015-4009.json index 08f8123ffdf..09e19d03180 100644 --- a/2015/4xxx/CVE-2015-4009.json +++ b/2015/4xxx/CVE-2015-4009.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4009", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4009", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4081.json b/2015/4xxx/CVE-2015-4081.json index a87bba40a9b..0349f0bf86c 100644 --- a/2015/4xxx/CVE-2015-4081.json +++ b/2015/4xxx/CVE-2015-4081.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4081", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4081", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4464.json b/2015/4xxx/CVE-2015-4464.json index d86b5e9ea85..2b0164922f9 100644 --- a/2015/4xxx/CVE-2015-4464.json +++ b/2015/4xxx/CVE-2015-4464.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4464", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Kguard Digital Video Recorder 104, 108, v2 does not have any authorization or authentication between an ActiveX client and the application server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4464", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150624 CVE-2015-4464 Insufficient Authorization Checks Request Handling Remote Authentication Bypass for Kguard Digital Video Recorders", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/535822/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/132437/Kguard-Digital-Video-Recorder-Bypass-Issues.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/132437/Kguard-Digital-Video-Recorder-Bypass-Issues.html" - }, - { - "name" : "https://www.academia.edu/11677554/Kguard_Digital_Video_Recorders_Multiple_Vulnerabilities", - "refsource" : "MISC", - "url" : "https://www.academia.edu/11677554/Kguard_Digital_Video_Recorders_Multiple_Vulnerabilities" - }, - { - "name" : "73032", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73032" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Kguard Digital Video Recorder 104, 108, v2 does not have any authorization or authentication between an ActiveX client and the application server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/132437/Kguard-Digital-Video-Recorder-Bypass-Issues.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/132437/Kguard-Digital-Video-Recorder-Bypass-Issues.html" + }, + { + "name": "20150624 CVE-2015-4464 Insufficient Authorization Checks Request Handling Remote Authentication Bypass for Kguard Digital Video Recorders", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/535822/100/0/threaded" + }, + { + "name": "https://www.academia.edu/11677554/Kguard_Digital_Video_Recorders_Multiple_Vulnerabilities", + "refsource": "MISC", + "url": "https://www.academia.edu/11677554/Kguard_Digital_Video_Recorders_Multiple_Vulnerabilities" + }, + { + "name": "73032", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73032" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4684.json b/2015/4xxx/CVE-2015-4684.json index 6aadc18700f..572eb4cedba 100644 --- a/2015/4xxx/CVE-2015-4684.json +++ b/2015/4xxx/CVE-2015-4684.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4684", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allow (1) remote authenticated users to read arbitrary files via a .. (dot dot) in the Modifier parameter to PlcmRmWeb/FileDownload; or remote authenticated administrators to upload arbitrary files via the (2) Filename or (3) SE_FNAME parameter to PlcmRmWeb/FileUpload or to read and remove arbitrary files via the (4) filePathName parameter in an importSipUriReservations SOAP request to PlcmRmWeb/JUserManager." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4684", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150626 SEC Consult SA-20150626-0 :: Critical vulnerabilities in Polycom RealPresence Resource Manager (RPRM) allow surveillance on conferences", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/535852/100/0/threaded" - }, - { - "name" : "37449", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/37449/" - }, - { - "name" : "20150626 SEC Consult SA-20150626-0 :: Critical vulnerabilities in Polycom RealPresence Resource Manager (RPRM) allow surveillance on conferences", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Jun/81" - }, - { - "name" : "http://packetstormsecurity.com/files/132463/Polycom-RealPresence-Resource-Manager-RPRM-Disclosure-Traversal.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/132463/Polycom-RealPresence-Resource-Manager-RPRM-Disclosure-Traversal.html" - }, - { - "name" : "https://support.polycom.com/global/documents/support/documentation/Security_Center_Post_for_RPRM_CVEs.pdf", - "refsource" : "CONFIRM", - "url" : "https://support.polycom.com/global/documents/support/documentation/Security_Center_Post_for_RPRM_CVEs.pdf" - }, - { - "name" : "75432", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75432" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allow (1) remote authenticated users to read arbitrary files via a .. (dot dot) in the Modifier parameter to PlcmRmWeb/FileDownload; or remote authenticated administrators to upload arbitrary files via the (2) Filename or (3) SE_FNAME parameter to PlcmRmWeb/FileUpload or to read and remove arbitrary files via the (4) filePathName parameter in an importSipUriReservations SOAP request to PlcmRmWeb/JUserManager." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150626 SEC Consult SA-20150626-0 :: Critical vulnerabilities in Polycom RealPresence Resource Manager (RPRM) allow surveillance on conferences", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/535852/100/0/threaded" + }, + { + "name": "http://packetstormsecurity.com/files/132463/Polycom-RealPresence-Resource-Manager-RPRM-Disclosure-Traversal.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/132463/Polycom-RealPresence-Resource-Manager-RPRM-Disclosure-Traversal.html" + }, + { + "name": "20150626 SEC Consult SA-20150626-0 :: Critical vulnerabilities in Polycom RealPresence Resource Manager (RPRM) allow surveillance on conferences", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Jun/81" + }, + { + "name": "37449", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/37449/" + }, + { + "name": "75432", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75432" + }, + { + "name": "https://support.polycom.com/global/documents/support/documentation/Security_Center_Post_for_RPRM_CVEs.pdf", + "refsource": "CONFIRM", + "url": "https://support.polycom.com/global/documents/support/documentation/Security_Center_Post_for_RPRM_CVEs.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4791.json b/2015/4xxx/CVE-2015-4791.json index 43f0c0951f1..b83b1834658 100644 --- a/2015/4xxx/CVE-2015-4791.json +++ b/2015/4xxx/CVE-2015-4791.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4791", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-4791", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" - }, - { - "name" : "77213", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/77213" - }, - { - "name" : "1033894", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033894" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033894", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033894" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" + }, + { + "name": "77213", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/77213" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8139.json b/2015/8xxx/CVE-2015-8139.json index 3a19b125948..8b5886ba820 100644 --- a/2015/8xxx/CVE-2015-8139.json +++ b/2015/8xxx/CVE-2015-8139.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8139", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8139", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.ntp.org/bin/view/Main/NtpBug2946", - "refsource" : "CONFIRM", - "url" : "http://support.ntp.org/bin/view/Main/NtpBug2946" - }, - { - "name" : "https://bto.bluecoat.com/security-advisory/sa113", - "refsource" : "CONFIRM", - "url" : "https://bto.bluecoat.com/security-advisory/sa113" - }, - { - "name" : "20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd" - }, - { - "name" : "FEDORA-2016-50b0066b7f", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/" - }, - { - "name" : "FEDORA-2016-89e0874533", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/" - }, - { - "name" : "FEDORA-2016-c3bd6a3496", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/" - }, - { - "name" : "FreeBSD-SA-16:09", - "refsource" : "FREEBSD", - "url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc" - }, - { - "name" : "GLSA-201607-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201607-15" - }, - { - "name" : "SUSE-SU-2016:1175", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html" - }, - { - "name" : "SUSE-SU-2016:1177", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html" - }, - { - "name" : "SUSE-SU-2016:1247", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html" - }, - { - "name" : "SUSE-SU-2016:1311", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html" - }, - { - "name" : "openSUSE-SU-2016:1292", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html" - }, - { - "name" : "openSUSE-SU-2016:1423", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html" - }, - { - "name" : "VU#718152", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/718152" - }, - { - "name" : "82105", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/82105" - }, - { - "name" : "1034782", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034782" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd" + }, + { + "name": "FEDORA-2016-c3bd6a3496", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/" + }, + { + "name": "SUSE-SU-2016:1177", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html" + }, + { + "name": "FEDORA-2016-89e0874533", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/" + }, + { + "name": "1034782", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034782" + }, + { + "name": "openSUSE-SU-2016:1292", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html" + }, + { + "name": "VU#718152", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/718152" + }, + { + "name": "http://support.ntp.org/bin/view/Main/NtpBug2946", + "refsource": "CONFIRM", + "url": "http://support.ntp.org/bin/view/Main/NtpBug2946" + }, + { + "name": "SUSE-SU-2016:1247", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html" + }, + { + "name": "82105", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/82105" + }, + { + "name": "SUSE-SU-2016:1311", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html" + }, + { + "name": "FEDORA-2016-50b0066b7f", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/" + }, + { + "name": "SUSE-SU-2016:1175", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html" + }, + { + "name": "FreeBSD-SA-16:09", + "refsource": "FREEBSD", + "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc" + }, + { + "name": "https://bto.bluecoat.com/security-advisory/sa113", + "refsource": "CONFIRM", + "url": "https://bto.bluecoat.com/security-advisory/sa113" + }, + { + "name": "openSUSE-SU-2016:1423", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html" + }, + { + "name": "GLSA-201607-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201607-15" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8555.json b/2015/8xxx/CVE-2015-8555.json index e3f98fd55f0..dbc9f3fee39 100644 --- a/2015/8xxx/CVE-2015-8555.json +++ b/2015/8xxx/CVE-2015-8555.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8555", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains to obtain sensitive information from other domains via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8555", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.citrix.com/article/CTX203879", - "refsource" : "CONFIRM", - "url" : "http://support.citrix.com/article/CTX203879" - }, - { - "name" : "http://xenbits.xen.org/xsa/advisory-165.html", - "refsource" : "CONFIRM", - "url" : "http://xenbits.xen.org/xsa/advisory-165.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" - }, - { - "name" : "DSA-3519", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3519" - }, - { - "name" : "GLSA-201604-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201604-03" - }, - { - "name" : "79543", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/79543" - }, - { - "name" : "1034477", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034477" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains to obtain sensitive information from other domains via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" + }, + { + "name": "DSA-3519", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3519" + }, + { + "name": "1034477", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034477" + }, + { + "name": "79543", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/79543" + }, + { + "name": "http://xenbits.xen.org/xsa/advisory-165.html", + "refsource": "CONFIRM", + "url": "http://xenbits.xen.org/xsa/advisory-165.html" + }, + { + "name": "GLSA-201604-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201604-03" + }, + { + "name": "http://support.citrix.com/article/CTX203879", + "refsource": "CONFIRM", + "url": "http://support.citrix.com/article/CTX203879" + } + ] + } +} \ No newline at end of file diff --git a/2015/9xxx/CVE-2015-9228.json b/2015/9xxx/CVE-2015-9228.json index aa52dbf4dcb..7df8cc7a8d9 100644 --- a/2015/9xxx/CVE-2015-9228.json +++ b/2015/9xxx/CVE-2015-9228.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-9228", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via the name parameter, if a file extension is changed from .jpg to .php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-9228", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.openwall.com/lists/oss-security/2015/10/27/6", - "refsource" : "MISC", - "url" : "http://www.openwall.com/lists/oss-security/2015/10/27/6" - }, - { - "name" : "https://github.com/cybersecurityworks/Disclosed/issues/6", - "refsource" : "MISC", - "url" : "https://github.com/cybersecurityworks/Disclosed/issues/6" - }, - { - "name" : "https://packetstormsecurity.com/files/135061/WordPress-NextGEN-Gallery-2.1.10-Shell-Upload.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/135061/WordPress-NextGEN-Gallery-2.1.10-Shell-Upload.html" - }, - { - "name" : "https://wordpress.org/plugins/nextgen-gallery/#developers", - "refsource" : "MISC", - "url" : "https://wordpress.org/plugins/nextgen-gallery/#developers" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via the name parameter, if a file extension is changed from .jpg to .php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/cybersecurityworks/Disclosed/issues/6", + "refsource": "MISC", + "url": "https://github.com/cybersecurityworks/Disclosed/issues/6" + }, + { + "name": "https://packetstormsecurity.com/files/135061/WordPress-NextGEN-Gallery-2.1.10-Shell-Upload.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/135061/WordPress-NextGEN-Gallery-2.1.10-Shell-Upload.html" + }, + { + "name": "https://wordpress.org/plugins/nextgen-gallery/#developers", + "refsource": "MISC", + "url": "https://wordpress.org/plugins/nextgen-gallery/#developers" + }, + { + "name": "http://www.openwall.com/lists/oss-security/2015/10/27/6", + "refsource": "MISC", + "url": "http://www.openwall.com/lists/oss-security/2015/10/27/6" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2031.json b/2018/2xxx/CVE-2018-2031.json index 4cc5097c85f..afcadc33968 100644 --- a/2018/2xxx/CVE-2018-2031.json +++ b/2018/2xxx/CVE-2018-2031.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2031", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2031", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2220.json b/2018/2xxx/CVE-2018-2220.json index 858b294aeda..be7236c3d79 100644 --- a/2018/2xxx/CVE-2018-2220.json +++ b/2018/2xxx/CVE-2018-2220.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2220", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2220", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2804.json b/2018/2xxx/CVE-2018-2804.json index 653d19880bc..f56ea9e4437 100644 --- a/2018/2xxx/CVE-2018-2804.json +++ b/2018/2xxx/CVE-2018-2804.json @@ -1,93 +1,93 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2804", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Application Object Library", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "12.1.3" - }, - { - "version_affected" : "=", - "version_value" : "12.2.3" - }, - { - "version_affected" : "=", - "version_value" : "12.2.4" - }, - { - "version_affected" : "=", - "version_value" : "12.2.5" - }, - { - "version_affected" : "=", - "version_value" : "12.2.6" - }, - { - "version_affected" : "=", - "version_value" : "12.2.7" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: DB Privileges). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Application Object Library accessible data as well as unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Application Object Library accessible data as well as unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2804", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Application Object Library", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.1.3" + }, + { + "version_affected": "=", + "version_value": "12.2.3" + }, + { + "version_affected": "=", + "version_value": "12.2.4" + }, + { + "version_affected": "=", + "version_value": "12.2.5" + }, + { + "version_affected": "=", + "version_value": "12.2.6" + }, + { + "version_affected": "=", + "version_value": "12.2.7" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" - }, - { - "name" : "103842", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103842" - }, - { - "name" : "1040694", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040694" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: DB Privileges). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Application Object Library accessible data as well as unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Application Object Library accessible data as well as unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040694", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040694" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" + }, + { + "name": "103842", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103842" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2838.json b/2018/2xxx/CVE-2018-2838.json index eb4bbc61bb5..5d11ffcb6d8 100644 --- a/2018/2xxx/CVE-2018-2838.json +++ b/2018/2xxx/CVE-2018-2838.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2838", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PeopleSoft Enterprise PRTL Interaction Hub", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "9.1" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: EPPCM_HIER_TOP). The supported version that is affected is 9.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PRTL Interaction Hub. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PRTL Interaction Hub, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PRTL Interaction Hub accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PRTL Interaction Hub accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PRTL Interaction Hub. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PRTL Interaction Hub, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PRTL Interaction Hub accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PRTL Interaction Hub accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2838", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise PRTL Interaction Hub", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "9.1" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" - }, - { - "name" : "103911", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103911" - }, - { - "name" : "1040701", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040701" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: EPPCM_HIER_TOP). The supported version that is affected is 9.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PRTL Interaction Hub. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PRTL Interaction Hub, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PRTL Interaction Hub accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PRTL Interaction Hub accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PRTL Interaction Hub. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PRTL Interaction Hub, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PRTL Interaction Hub accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PRTL Interaction Hub accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" + }, + { + "name": "103911", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103911" + }, + { + "name": "1040701", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040701" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2846.json b/2018/2xxx/CVE-2018-2846.json index c171a943fbf..eaae6ca8924 100644 --- a/2018/2xxx/CVE-2018-2846.json +++ b/2018/2xxx/CVE-2018-2846.json @@ -1,93 +1,93 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2846", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "5.7.21 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2846", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.7.21 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180419-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180419-0002/" - }, - { - "name" : "RHSA-2018:3655", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3655" - }, - { - "name" : "USN-3629-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3629-1/" - }, - { - "name" : "USN-3629-3", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3629-3/" - }, - { - "name" : "103790", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103790" - }, - { - "name" : "1040698", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040698" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040698", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040698" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180419-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180419-0002/" + }, + { + "name": "103790", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103790" + }, + { + "name": "RHSA-2018:3655", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3655" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" + }, + { + "name": "USN-3629-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3629-1/" + }, + { + "name": "USN-3629-3", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3629-3/" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2862.json b/2018/2xxx/CVE-2018-2862.json index 5f73ca7b176..3dadddfaf39 100644 --- a/2018/2xxx/CVE-2018-2862.json +++ b/2018/2xxx/CVE-2018-2862.json @@ -1,80 +1,80 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2862", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Retail Point-of-Service", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "13.3.8" - }, - { - "version_affected" : "=", - "version_value" : "13.4.9" - }, - { - "version_affected" : "=", - "version_value" : "14.0.4" - }, - { - "version_affected" : "=", - "version_value" : "14.1.3" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Retail Point-of-Service component of Oracle Retail Applications (subcomponent: User Interface). Supported versions that are affected are 13.3.8, 13.4.9, 14.0.4 and 14.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Point-of-Service. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Point-of-Service accessible data as well as unauthorized update, insert or delete access to some of Oracle Retail Point-of-Service accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Point-of-Service. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Point-of-Service accessible data as well as unauthorized update, insert or delete access to some of Oracle Retail Point-of-Service accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2862", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Retail Point-of-Service", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "13.3.8" + }, + { + "version_affected": "=", + "version_value": "13.4.9" + }, + { + "version_affected": "=", + "version_value": "14.0.4" + }, + { + "version_affected": "=", + "version_value": "14.1.3" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" - }, - { - "name" : "103803", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103803" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Retail Point-of-Service component of Oracle Retail Applications (subcomponent: User Interface). Supported versions that are affected are 13.3.8, 13.4.9, 14.0.4 and 14.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Point-of-Service. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Point-of-Service accessible data as well as unauthorized update, insert or delete access to some of Oracle Retail Point-of-Service accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Point-of-Service. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Point-of-Service accessible data as well as unauthorized update, insert or delete access to some of Oracle Retail Point-of-Service accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" + }, + { + "name": "103803", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103803" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3280.json b/2018/3xxx/CVE-2018-3280.json index efada3d09e5..748c105c388 100644 --- a/2018/3xxx/CVE-2018-3280.json +++ b/2018/3xxx/CVE-2018-3280.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3280", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.0.12 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: JSON). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3280", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.0.12 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20181018-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20181018-0002/" - }, - { - "name" : "105607", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105607" - }, - { - "name" : "1041888", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041888" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: JSON). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041888", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041888" + }, + { + "name": "105607", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105607" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20181018-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20181018-0002/" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3608.json b/2018/3xxx/CVE-2018-3608.json index 6580cd5af2f..615faf250de 100644 --- a/2018/3xxx/CVE-2018-3608.json +++ b/2018/3xxx/CVE-2018-3608.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@trendmicro.com", - "ID" : "CVE-2018-3608", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Trend Micro Maximum Security (Consumer)", - "version" : { - "version_data" : [ - { - "version_value" : "2018 (12.0.1191)" - } - ] - } - } - ] - }, - "vendor_name" : "Trend Micro" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in Trend Micro Maximum Security's (Consumer) 2018 (versions 12.0.1191 and below) User-Mode Hooking (UMH) driver could allow an attacker to create a specially crafted packet that could alter a vulnerable system in such a way that malicious code could be injected into other processes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "OTHER - Process Injection" - } + "CVE_data_meta": { + "ASSIGNER": "security@trendmicro.com", + "ID": "CVE-2018-3608", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Trend Micro Maximum Security (Consumer)", + "version": { + "version_data": [ + { + "version_value": "2018 (12.0.1191)" + } + ] + } + } + ] + }, + "vendor_name": "Trend Micro" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://esupport.trendmicro.com/support/vb/solution/ja-jp/1120144.aspx", - "refsource" : "MISC", - "url" : "http://esupport.trendmicro.com/support/vb/solution/ja-jp/1120144.aspx" - }, - { - "name" : "https://esupport.trendmicro.com/en-US/home/pages/technical-support/1120237.aspx", - "refsource" : "MISC", - "url" : "https://esupport.trendmicro.com/en-US/home/pages/technical-support/1120237.aspx" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in Trend Micro Maximum Security's (Consumer) 2018 (versions 12.0.1191 and below) User-Mode Hooking (UMH) driver could allow an attacker to create a specially crafted packet that could alter a vulnerable system in such a way that malicious code could be injected into other processes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OTHER - Process Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://esupport.trendmicro.com/en-US/home/pages/technical-support/1120237.aspx", + "refsource": "MISC", + "url": "https://esupport.trendmicro.com/en-US/home/pages/technical-support/1120237.aspx" + }, + { + "name": "http://esupport.trendmicro.com/support/vb/solution/ja-jp/1120144.aspx", + "refsource": "MISC", + "url": "http://esupport.trendmicro.com/support/vb/solution/ja-jp/1120144.aspx" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6076.json b/2018/6xxx/CVE-2018-6076.json index 3ff8faa69a1..dada6383e6f 100644 --- a/2018/6xxx/CVE-2018-6076.json +++ b/2018/6xxx/CVE-2018-6076.json @@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "chrome-cve-admin@google.com", - "ID" : "CVE-2018-6076", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Chrome", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "65.0.3325.146" - } - ] - } - } - ] - }, - "vendor_name" : "Google" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Insufficient encoding of URL fragment identifiers in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform a DOM based XSS attack via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Inappropriate implementation" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2018-6076", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "65.0.3325.146" + } + ] + } + } + ] + }, + "vendor_name": "Google" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://crbug.com/758523", - "refsource" : "MISC", - "url" : "https://crbug.com/758523" - }, - { - "name" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html" - }, - { - "name" : "DSA-4182", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4182" - }, - { - "name" : "RHSA-2018:0484", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0484" - }, - { - "name" : "103297", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103297" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Insufficient encoding of URL fragment identifiers in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform a DOM based XSS attack via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Inappropriate implementation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html" + }, + { + "name": "103297", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103297" + }, + { + "name": "https://crbug.com/758523", + "refsource": "MISC", + "url": "https://crbug.com/758523" + }, + { + "name": "RHSA-2018:0484", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0484" + }, + { + "name": "DSA-4182", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4182" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6711.json b/2018/6xxx/CVE-2018-6711.json index b94e6f098aa..753de2276e8 100644 --- a/2018/6xxx/CVE-2018-6711.json +++ b/2018/6xxx/CVE-2018-6711.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6711", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6711", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7953.json b/2018/7xxx/CVE-2018-7953.json index 7fbadc0c3c5..f04e94e2820 100644 --- a/2018/7xxx/CVE-2018-7953.json +++ b/2018/7xxx/CVE-2018-7953.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7953", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7953", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5008.json b/2019/5xxx/CVE-2019-5008.json index 60857751e4d..592d4f06c47 100644 --- a/2019/5xxx/CVE-2019-5008.json +++ b/2019/5xxx/CVE-2019-5008.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5008", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5008", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5278.json b/2019/5xxx/CVE-2019-5278.json index a55da563e8f..a4aba65f3b4 100644 --- a/2019/5xxx/CVE-2019-5278.json +++ b/2019/5xxx/CVE-2019-5278.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5278", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5278", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file