From 1780ecdd231885276450f02886b47f1ab005ee4d Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 06:13:26 +0000 Subject: [PATCH] "-Synchronized-Data." --- 1999/0xxx/CVE-1999-0823.json | 130 ++++++------ 1999/0xxx/CVE-1999-0917.json | 130 ++++++------ 1999/1xxx/CVE-1999-1069.json | 140 ++++++------ 1999/1xxx/CVE-1999-1391.json | 150 ++++++------- 1999/1xxx/CVE-1999-1564.json | 120 +++++------ 2000/0xxx/CVE-2000-0349.json | 120 +++++------ 2000/0xxx/CVE-2000-0377.json | 150 ++++++------- 2000/0xxx/CVE-2000-0442.json | 140 ++++++------ 2000/0xxx/CVE-2000-0733.json | 140 ++++++------ 2000/0xxx/CVE-2000-0915.json | 160 +++++++------- 2000/1xxx/CVE-2000-1147.json | 140 ++++++------ 2005/2xxx/CVE-2005-2701.json | 400 +++++++++++++++++------------------ 2005/2xxx/CVE-2005-2722.json | 120 +++++------ 2005/2xxx/CVE-2005-2754.json | 190 ++++++++--------- 2005/3xxx/CVE-2005-3219.json | 130 ++++++------ 2005/3xxx/CVE-2005-3364.json | 190 ++++++++--------- 2005/3xxx/CVE-2005-3453.json | 160 +++++++------- 2005/3xxx/CVE-2005-3834.json | 160 +++++++------- 2005/3xxx/CVE-2005-3980.json | 190 ++++++++--------- 2005/4xxx/CVE-2005-4700.json | 160 +++++++------- 2009/2xxx/CVE-2009-2595.json | 170 +++++++-------- 2009/2xxx/CVE-2009-2764.json | 130 ++++++------ 2009/3xxx/CVE-2009-3221.json | 160 +++++++------- 2009/3xxx/CVE-2009-3621.json | 370 ++++++++++++++++---------------- 2015/0xxx/CVE-2015-0849.json | 34 +-- 2015/0xxx/CVE-2015-0857.json | 140 ++++++------ 2015/0xxx/CVE-2015-0931.json | 120 +++++------ 2015/1xxx/CVE-2015-1300.json | 210 +++++++++--------- 2015/1xxx/CVE-2015-1364.json | 140 ++++++------ 2015/1xxx/CVE-2015-1589.json | 150 ++++++------- 2015/1xxx/CVE-2015-1703.json | 140 ++++++------ 2015/1xxx/CVE-2015-1772.json | 150 ++++++------- 2015/1xxx/CVE-2015-1817.json | 130 ++++++------ 2015/4xxx/CVE-2015-4266.json | 130 ++++++------ 2015/4xxx/CVE-2015-4470.json | 140 ++++++------ 2015/4xxx/CVE-2015-4945.json | 120 +++++------ 2015/8xxx/CVE-2015-8601.json | 130 ++++++------ 2015/9xxx/CVE-2015-9028.json | 140 ++++++------ 2018/2xxx/CVE-2018-2081.json | 34 +-- 2018/2xxx/CVE-2018-2245.json | 34 +-- 2018/2xxx/CVE-2018-2446.json | 156 +++++++------- 2018/2xxx/CVE-2018-2589.json | 148 ++++++------- 2018/2xxx/CVE-2018-2723.json | 150 ++++++------- 2018/2xxx/CVE-2018-2999.json | 142 ++++++------- 2018/3xxx/CVE-2018-3042.json | 174 +++++++-------- 2018/6xxx/CVE-2018-6215.json | 34 +-- 2018/6xxx/CVE-2018-6330.json | 34 +-- 2018/6xxx/CVE-2018-6706.json | 238 ++++++++++----------- 2018/6xxx/CVE-2018-6725.json | 34 +-- 2018/6xxx/CVE-2018-6879.json | 120 +++++------ 2018/7xxx/CVE-2018-7096.json | 130 ++++++------ 2018/7xxx/CVE-2018-7313.json | 120 +++++------ 2018/7xxx/CVE-2018-7598.json | 34 +-- 2019/5xxx/CVE-2019-5686.json | 34 +-- 54 files changed, 3770 insertions(+), 3770 deletions(-) diff --git a/1999/0xxx/CVE-1999-0823.json b/1999/0xxx/CVE-1999-0823.json index 9ad0ba7fa39..26863cf4d3c 100644 --- a/1999/0xxx/CVE-1999-0823.json +++ b/1999/0xxx/CVE-1999-0823.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0823", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in FreeBSD xmindpath allows local users to gain privileges via -f argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0823", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "839", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/839" - }, - { - "name" : "1150", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/1150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in FreeBSD xmindpath allows local users to gain privileges via -f argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1150", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/1150" + }, + { + "name": "839", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/839" + } + ] + } +} \ No newline at end of file diff --git a/1999/0xxx/CVE-1999-0917.json b/1999/0xxx/CVE-1999-0917.json index 5d706aec0bf..ae2f582146a 100644 --- a/1999/0xxx/CVE-1999-0917.json +++ b/1999/0xxx/CVE-1999-0917.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0917", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Preloader ActiveX control used by Internet Explorer allows remote attackers to read arbitrary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0917", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS99-018", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-018" - }, - { - "name" : "Q231452", - "refsource" : "MSKB", - "url" : "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q231452" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Preloader ActiveX control used by Internet Explorer allows remote attackers to read arbitrary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "Q231452", + "refsource": "MSKB", + "url": "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q231452" + }, + { + "name": "MS99-018", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-018" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1069.json b/1999/1xxx/CVE-1999-1069.json index 3072d1f7481..dc10dc3a19a 100644 --- a/1999/1xxx/CVE-1999-1069.json +++ b/1999/1xxx/CVE-1999-1069.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1069", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in carbo.dll in iCat Carbo Server 3.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the icatcommand parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1069", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19971108 Security bug in iCat Suite version 3.0", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/7943" - }, - { - "name" : "2126", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2126" - }, - { - "name" : "icat-carbo-server-vuln(1620)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/1620" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in carbo.dll in iCat Carbo Server 3.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the icatcommand parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "icat-carbo-server-vuln(1620)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1620" + }, + { + "name": "19971108 Security bug in iCat Suite version 3.0", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/7943" + }, + { + "name": "2126", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2126" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1391.json b/1999/1xxx/CVE-1999-1391.json index 157e5a0c42d..26491279f72 100644 --- a/1999/1xxx/CVE-1999-1391.json +++ b/1999/1xxx/CVE-1999-1391.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1391", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in NeXT 1.0a and 1.0 with publicly accessible printers allows local users to gain privileges via a combination of the npd program and weak directory permissions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1391", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "CA-1990-06", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-1990-06.html" - }, - { - "name" : "B-01", - "refsource" : "CIAC", - "url" : "http://ciac.llnl.gov/ciac/bulletins/b-01.shtml" - }, - { - "name" : "10", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10" - }, - { - "name" : "nextstep-npd-root-access(7143)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7143.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in NeXT 1.0a and 1.0 with publicly accessible printers allows local users to gain privileges via a combination of the npd program and weak directory permissions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10" + }, + { + "name": "CA-1990-06", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-1990-06.html" + }, + { + "name": "nextstep-npd-root-access(7143)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7143.php" + }, + { + "name": "B-01", + "refsource": "CIAC", + "url": "http://ciac.llnl.gov/ciac/bulletins/b-01.shtml" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1564.json b/1999/1xxx/CVE-1999-1564.json index 838d6998a7f..a49c799fa98 100644 --- a/1999/1xxx/CVE-1999-1564.json +++ b/1999/1xxx/CVE-1999-1564.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1564", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FreeBSD 3.2 and possibly other versions allows a local user to cause a denial of service (panic) with a large number accesses of an NFS v3 mounted directory from a large number of processes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1564", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19990902 [ Kernel panic with FreeBSD-3.2-19990830-STABLE ]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/26166" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FreeBSD 3.2 and possibly other versions allows a local user to cause a denial of service (panic) with a large number accesses of an NFS v3 mounted directory from a large number of processes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19990902 [ Kernel panic with FreeBSD-3.2-19990830-STABLE ]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/26166" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0349.json b/2000/0xxx/CVE-2000-0349.json index 9061d9ca4b1..6f4fac162d0 100644 --- a/2000/0xxx/CVE-2000-0349.json +++ b/2000/0xxx/CVE-2000-0349.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0349", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the passthru driver in SCO UnixWare 7.1.0 allows an attacker to cause a denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0349", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "SB-99.13", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/SSE/security_bulletins/SB-99.13a" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the passthru driver in SCO UnixWare 7.1.0 allows an attacker to cause a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SB-99.13", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/SSE/security_bulletins/SB-99.13a" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0377.json b/2000/0xxx/CVE-2000-0377.json index feacb57f152..6a82a8b1e1b 100644 --- a/2000/0xxx/CVE-2000-0377.json +++ b/2000/0xxx/CVE-2000-0377.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0377", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Remote Registry server in Windows NT 4.0 allows local authenticated users to cause a denial of service via a malformed request, which causes the winlogon process to fail, aka the \"Remote Registry Access Authentication\" vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0377", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS00-040", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-040" - }, - { - "name" : "Q264684", - "refsource" : "MSKB", - "url" : "http://www.microsoft.com/technet/support/kb.asp?ID=264684" - }, - { - "name" : "1331", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1331" - }, - { - "name" : "oval:org.mitre.oval:def:1021", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1021" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Remote Registry server in Windows NT 4.0 allows local authenticated users to cause a denial of service via a malformed request, which causes the winlogon process to fail, aka the \"Remote Registry Access Authentication\" vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1331", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1331" + }, + { + "name": "oval:org.mitre.oval:def:1021", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1021" + }, + { + "name": "MS00-040", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-040" + }, + { + "name": "Q264684", + "refsource": "MSKB", + "url": "http://www.microsoft.com/technet/support/kb.asp?ID=264684" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0442.json b/2000/0xxx/CVE-2000-0442.json index 8d3ca59a4c9..2f785b3fc89 100644 --- a/2000/0xxx/CVE-2000-0442.json +++ b/2000/0xxx/CVE-2000-0442.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0442", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Qpopper 2.53 and earlier allows local users to gain privileges via a formatting string in the From: header, which is processed by the euidl command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0442", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000523 Qpopper 2.53 remote problem, user can gain gid=mail", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-05/0267.html" - }, - { - "name" : "20000608 pop <= 2000.3.4", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/suse_security_announce_51.html" - }, - { - "name" : "1242", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1242" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Qpopper 2.53 and earlier allows local users to gain privileges via a formatting string in the From: header, which is processed by the euidl command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20000523 Qpopper 2.53 remote problem, user can gain gid=mail", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0267.html" + }, + { + "name": "1242", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1242" + }, + { + "name": "20000608 pop <= 2000.3.4", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/suse_security_announce_51.html" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0733.json b/2000/0xxx/CVE-2000-0733.json index 1a8bbaec6d3..81a02da95d5 100644 --- a/2000/0xxx/CVE-2000-0733.json +++ b/2000/0xxx/CVE-2000-0733.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0733", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Telnetd telnet server in IRIX 5.2 through 6.1 does not properly cleans user-injected format strings, which allows remote attackers to execute arbitrary commands via a long RLD variable in the IAC-SB-TELOPT_ENVIRON request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0733", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000814 [LSD] IRIX telnetd remote vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-08/0154.html" - }, - { - "name" : "20000801-02-P", - "refsource" : "SGI", - "url" : "ftp://sgigate.sgi.com/security/20000801-02-P" - }, - { - "name" : "1572", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1572" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Telnetd telnet server in IRIX 5.2 through 6.1 does not properly cleans user-injected format strings, which allows remote attackers to execute arbitrary commands via a long RLD variable in the IAC-SB-TELOPT_ENVIRON request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20000814 [LSD] IRIX telnetd remote vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0154.html" + }, + { + "name": "20000801-02-P", + "refsource": "SGI", + "url": "ftp://sgigate.sgi.com/security/20000801-02-P" + }, + { + "name": "1572", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1572" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0915.json b/2000/0xxx/CVE-2000-0915.json index b4892f1fb57..9888d4107a7 100644 --- a/2000/0xxx/CVE-2000-0915.json +++ b/2000/0xxx/CVE-2000-0915.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0915", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "fingerd in FreeBSD 4.1.1 allows remote attackers to read arbitrary files by specifying the target file name instead of a regular user name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0915", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001002 [sa2c@and.or.jp: bin/21704: enabling fingerd makes files world readable]", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-10/0017.html" - }, - { - "name" : "FreeBSD-SA-00:54", - "refsource" : "FREEBSD", - "url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:54.fingerd.asc" - }, - { - "name" : "1803", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1803" - }, - { - "name" : "freebsd-fingerd-files(5385)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5385" - }, - { - "name" : "433", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/433" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "fingerd in FreeBSD 4.1.1 allows remote attackers to read arbitrary files by specifying the target file name instead of a regular user name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "433", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/433" + }, + { + "name": "FreeBSD-SA-00:54", + "refsource": "FREEBSD", + "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:54.fingerd.asc" + }, + { + "name": "20001002 [sa2c@and.or.jp: bin/21704: enabling fingerd makes files world readable]", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0017.html" + }, + { + "name": "1803", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1803" + }, + { + "name": "freebsd-fingerd-files(5385)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5385" + } + ] + } +} \ No newline at end of file diff --git a/2000/1xxx/CVE-2000-1147.json b/2000/1xxx/CVE-2000-1147.json index 9a38e956acd..1f9ffa6684f 100644 --- a/2000/1xxx/CVE-2000-1147.json +++ b/2000/1xxx/CVE-2000-1147.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-1147", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in IIS ISAPI .ASP parsing mechanism allows attackers to execute arbitrary commands via a long string to the \"LANGUAGE\" argument in a script tag." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-1147", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001103 IIS ASP $19.95 hack - IISHack 1.5", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/143070" - }, - { - "name" : "1911", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1911" - }, - { - "name" : "iis-isapi-asp-bo(5510)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5510" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in IIS ISAPI .ASP parsing mechanism allows attackers to execute arbitrary commands via a long string to the \"LANGUAGE\" argument in a script tag." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20001103 IIS ASP $19.95 hack - IISHack 1.5", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/143070" + }, + { + "name": "iis-isapi-asp-bo(5510)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5510" + }, + { + "name": "1911", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1911" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2701.json b/2005/2xxx/CVE-2005-2701.json index 3004032fe85..1085b9150e1 100644 --- a/2005/2xxx/CVE-2005-2701.json +++ b/2005/2xxx/CVE-2005-2701.json @@ -1,202 +1,202 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2701", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to execute arbitrary code via an XBM image file that ends in a large number of spaces instead of the expected end tag." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-2701", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/mfsa2005-58.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/mfsa2005-58.html" - }, - { - "name" : "DSA-868", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-868" - }, - { - "name" : "DSA-838", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-838" - }, - { - "name" : "DSA-866", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-866" - }, - { - "name" : "FLSA-2006:168375", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00004.html" - }, - { - "name" : "MDKSA-2005:169", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:169" - }, - { - "name" : "MDKSA-2005:170", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:170" - }, - { - "name" : "MDKSA-2005:174", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:174" - }, - { - "name" : "RHSA-2005:785", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-785.html" - }, - { - "name" : "RHSA-2005:789", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-789.html" - }, - { - "name" : "SCOSA-2005.49", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt" - }, - { - "name" : "SUSE-SA:2005:058", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_58_mozilla.html" - }, - { - "name" : "USN-200-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-200-1" - }, - { - "name" : "14916", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14916" - }, - { - "name" : "15495", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15495" - }, - { - "name" : "oval:org.mitre.oval:def:9323", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9323" - }, - { - "name" : "ADV-2005-1824", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/1824" - }, - { - "name" : "19643", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/19643" - }, - { - "name" : "oval:org.mitre.oval:def:1480", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1480" - }, - { - "name" : "1014954", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014954" - }, - { - "name" : "16911", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16911" - }, - { - "name" : "16917", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16917" - }, - { - "name" : "17149", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17149" - }, - { - "name" : "17284", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17284" - }, - { - "name" : "17026", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17026" - }, - { - "name" : "17263", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17263" - }, - { - "name" : "16977", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16977" - }, - { - "name" : "17014", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17014" - }, - { - "name" : "mozilla-xbm-bo(22373)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22373" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to execute arbitrary code via an XBM image file that ends in a large number of spaces instead of the expected end tag." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDKSA-2005:169", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:169" + }, + { + "name": "DSA-868", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-868" + }, + { + "name": "ADV-2005-1824", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/1824" + }, + { + "name": "FLSA-2006:168375", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00004.html" + }, + { + "name": "SCOSA-2005.49", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt" + }, + { + "name": "19643", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/19643" + }, + { + "name": "15495", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15495" + }, + { + "name": "1014954", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014954" + }, + { + "name": "RHSA-2005:789", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-789.html" + }, + { + "name": "oval:org.mitre.oval:def:1480", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1480" + }, + { + "name": "17026", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17026" + }, + { + "name": "mozilla-xbm-bo(22373)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22373" + }, + { + "name": "USN-200-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-200-1" + }, + { + "name": "DSA-866", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-866" + }, + { + "name": "14916", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14916" + }, + { + "name": "http://www.mozilla.org/security/announce/mfsa2005-58.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/mfsa2005-58.html" + }, + { + "name": "17284", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17284" + }, + { + "name": "17149", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17149" + }, + { + "name": "17263", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17263" + }, + { + "name": "16917", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16917" + }, + { + "name": "DSA-838", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-838" + }, + { + "name": "17014", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17014" + }, + { + "name": "RHSA-2005:785", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-785.html" + }, + { + "name": "SUSE-SA:2005:058", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_58_mozilla.html" + }, + { + "name": "MDKSA-2005:174", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:174" + }, + { + "name": "16911", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16911" + }, + { + "name": "16977", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16977" + }, + { + "name": "oval:org.mitre.oval:def:9323", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9323" + }, + { + "name": "MDKSA-2005:170", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:170" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2722.json b/2005/2xxx/CVE-2005-2722.json index 29e7f0f010e..bfb7d6b5220 100644 --- a/2005/2xxx/CVE-2005-2722.json +++ b/2005/2xxx/CVE-2005-2722.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2722", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Foojan PHP Weblog allows remote attackers to obtain sensitive information via (1) a direct request to /daylinks/index.php or (2) a negative value in the daylinkspage parameter to index.php, which reveal the path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2722", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050824 Foojan PHP Weblog Information Disclosure - Refferer Html Injection", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112491140712884&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Foojan PHP Weblog allows remote attackers to obtain sensitive information via (1) a direct request to /daylinks/index.php or (2) a negative value in the daylinkspage parameter to index.php, which reveal the path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050824 Foojan PHP Weblog Information Disclosure - Refferer Html Injection", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112491140712884&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2754.json b/2005/2xxx/CVE-2005-2754.json index 3087f7e2ae0..806fa5fa5b5 100644 --- a/2005/2xxx/CVE-2005-2754.json +++ b/2005/2xxx/CVE-2005-2754.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2754", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted attackers to execute arbitrary code via a crafted MOV file with \"Improper movie attributes.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2754", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051104 Advisory: Apple QuickTime Player Remote Integer Overflow (2)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/415709/30/0/threaded" - }, - { - "name" : "http://pb.specialised.info/all/adv/quicktime-mov-io2-adv.txt", - "refsource" : "MISC", - "url" : "http://pb.specialised.info/all/adv/quicktime-mov-io2-adv.txt" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=302772", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=302772" - }, - { - "name" : "15308", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15308" - }, - { - "name" : "ADV-2005-2293", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2293" - }, - { - "name" : "20476", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20476" - }, - { - "name" : "1015152", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015152" - }, - { - "name" : "17428", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17428" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted attackers to execute arbitrary code via a crafted MOV file with \"Improper movie attributes.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20051104 Advisory: Apple QuickTime Player Remote Integer Overflow (2)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/415709/30/0/threaded" + }, + { + "name": "20476", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20476" + }, + { + "name": "15308", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15308" + }, + { + "name": "http://pb.specialised.info/all/adv/quicktime-mov-io2-adv.txt", + "refsource": "MISC", + "url": "http://pb.specialised.info/all/adv/quicktime-mov-io2-adv.txt" + }, + { + "name": "1015152", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015152" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=302772", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=302772" + }, + { + "name": "17428", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17428" + }, + { + "name": "ADV-2005-2293", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2293" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3219.json b/2005/3xxx/CVE-2005-3219.json index a641955cb1d..202a2169106 100644 --- a/2005/3xxx/CVE-2005-3219.json +++ b/2005/3xxx/CVE-2005-3219.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3219", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple interpretation error in unspecified versions of Avira Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3219", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051007 Antivirus detection bypass by special crafted archive.", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112879611919750&w=2" - }, - { - "name" : "http://shadock.net/secubox/AVCraftedArchive.html", - "refsource" : "MISC", - "url" : "http://shadock.net/secubox/AVCraftedArchive.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple interpretation error in unspecified versions of Avira Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://shadock.net/secubox/AVCraftedArchive.html", + "refsource": "MISC", + "url": "http://shadock.net/secubox/AVCraftedArchive.html" + }, + { + "name": "20051007 Antivirus detection bypass by special crafted archive.", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112879611919750&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3364.json b/2005/3xxx/CVE-2005-3364.json index 7ef202b60f1..52fe237bf7c 100644 --- a/2005/3xxx/CVE-2005-3364.json +++ b/2005/3xxx/CVE-2005-3364.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3364", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in DboardGear allow remote attackers to execute arbitrary SQL commands via (1) the buddy parameter in buddy.php, (2) the u2uid parameter in u2u.php, and (3) an invalid theme file in the themes action to ctrtools.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3364", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051024 DBoardGear SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=113017087231116&w=2" - }, - { - "name" : "20051025 DboardGear - uncorrect import themes (SQL-inject)", - "refsource" : "BUGTRAQ", - "url" : "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2005-10/0298.html" - }, - { - "name" : "15174", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15174" - }, - { - "name" : "15194", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15194" - }, - { - "name" : "20442", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20442" - }, - { - "name" : "20443", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20443" - }, - { - "name" : "1015095", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015095" - }, - { - "name" : "109", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/109" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in DboardGear allow remote attackers to execute arbitrary SQL commands via (1) the buddy parameter in buddy.php, (2) the u2uid parameter in u2u.php, and (3) an invalid theme file in the themes action to ctrtools.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1015095", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015095" + }, + { + "name": "109", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/109" + }, + { + "name": "20051024 DBoardGear SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=113017087231116&w=2" + }, + { + "name": "15174", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15174" + }, + { + "name": "20442", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20442" + }, + { + "name": "20051025 DboardGear - uncorrect import themes (SQL-inject)", + "refsource": "BUGTRAQ", + "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2005-10/0298.html" + }, + { + "name": "20443", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20443" + }, + { + "name": "15194", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15194" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3453.json b/2005/3xxx/CVE-2005-3453.json index 59674bf954c..81bc1ea411a 100644 --- a/2005/3xxx/CVE-2005-3453.json +++ b/2005/3xxx/CVE-2005-3453.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3453", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Web Cache in Oracle Application Server 1.0 up to 10.1.2.0 has unknown impact and attack vectors, as identified by Oracle Vuln# (1) AS12 and (2) AS14." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3453", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html" - }, - { - "name" : "TA05-292A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA05-292A.html" - }, - { - "name" : "VU#210524", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/210524" - }, - { - "name" : "15134", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15134" - }, - { - "name" : "17250", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Web Cache in Oracle Application Server 1.0 up to 10.1.2.0 has unknown impact and attack vectors, as identified by Oracle Vuln# (1) AS12 and (2) AS14." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html" + }, + { + "name": "TA05-292A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA05-292A.html" + }, + { + "name": "15134", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15134" + }, + { + "name": "VU#210524", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/210524" + }, + { + "name": "17250", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17250" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3834.json b/2005/3xxx/CVE-2005-3834.json index 2a53bc0a24f..c3c2cefb870 100644 --- a/2005/3xxx/CVE-2005-3834.json +++ b/2005/3xxx/CVE-2005-3834.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3834", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in search.php in Tunez 1.21 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchFor parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3834", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/11/tunez-sql-and-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/11/tunez-sql-and-xss-vuln.html" - }, - { - "name" : "15548", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15548" - }, - { - "name" : "ADV-2005-2556", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2556" - }, - { - "name" : "21063", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21063" - }, - { - "name" : "17692", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17692" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in search.php in Tunez 1.21 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchFor parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17692", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17692" + }, + { + "name": "21063", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21063" + }, + { + "name": "http://pridels0.blogspot.com/2005/11/tunez-sql-and-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/11/tunez-sql-and-xss-vuln.html" + }, + { + "name": "15548", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15548" + }, + { + "name": "ADV-2005-2556", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2556" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3980.json b/2005/3xxx/CVE-2005-3980.json index 0ad7a5022fc..445aa247a39 100644 --- a/2005/3xxx/CVE-2005-3980.json +++ b/2005/3xxx/CVE-2005-3980.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3980", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the ticket query module in Edgewall Trac 0.9 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the group parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3980", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051201 Edgewall Trac SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/418294/100/0/threaded" - }, - { - "name" : "http://projects.edgewall.com/trac/wiki/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://projects.edgewall.com/trac/wiki/ChangeLog" - }, - { - "name" : "15676", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15676/" - }, - { - "name" : "ADV-2005-2701", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2701" - }, - { - "name" : "21386", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21386" - }, - { - "name" : "1015302", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015302" - }, - { - "name" : "17836", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17836/" - }, - { - "name" : "trac-query-sql-injection(23461)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23461" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the ticket query module in Edgewall Trac 0.9 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the group parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20051201 Edgewall Trac SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/418294/100/0/threaded" + }, + { + "name": "21386", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21386" + }, + { + "name": "17836", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17836/" + }, + { + "name": "ADV-2005-2701", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2701" + }, + { + "name": "15676", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15676/" + }, + { + "name": "http://projects.edgewall.com/trac/wiki/ChangeLog", + "refsource": "CONFIRM", + "url": "http://projects.edgewall.com/trac/wiki/ChangeLog" + }, + { + "name": "1015302", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015302" + }, + { + "name": "trac-query-sql-injection(23461)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23461" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4700.json b/2005/4xxx/CVE-2005-4700.json index 39590380640..4beded0ec70 100644 --- a/2005/4xxx/CVE-2005-4700.json +++ b/2005/4xxx/CVE-2005-4700.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4700", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TellMe 1.2 and earlier, when the Server (o_Server) and HEAD (o_Head) options are enabled, allows remote attackers to obtain sensitive information via an invalid q_Host parameter, which reveals the full pathname of the application in an fsockopen error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4700", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051005 Tellme 1.2", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0107.html" - }, - { - "name" : "http://exploitlabs.com/files/advisories/EXPL-A-2005-015-tellme.txt", - "refsource" : "MISC", - "url" : "http://exploitlabs.com/files/advisories/EXPL-A-2005-015-tellme.txt" - }, - { - "name" : "19872", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/19872" - }, - { - "name" : "17078", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17078" - }, - { - "name" : "tellme-index-path-disclosure(22523)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22523" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TellMe 1.2 and earlier, when the Server (o_Server) and HEAD (o_Head) options are enabled, allows remote attackers to obtain sensitive information via an invalid q_Host parameter, which reveals the full pathname of the application in an fsockopen error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19872", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/19872" + }, + { + "name": "20051005 Tellme 1.2", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0107.html" + }, + { + "name": "tellme-index-path-disclosure(22523)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22523" + }, + { + "name": "http://exploitlabs.com/files/advisories/EXPL-A-2005-015-tellme.txt", + "refsource": "MISC", + "url": "http://exploitlabs.com/files/advisories/EXPL-A-2005-015-tellme.txt" + }, + { + "name": "17078", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17078" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2595.json b/2009/2xxx/CVE-2009-2595.json index f85e57b7b6c..0bc868a246a 100644 --- a/2009/2xxx/CVE-2009-2595.json +++ b/2009/2xxx/CVE-2009-2595.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2595", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in productSearch.html in Censura 2.0.4 and 2.1.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a ProductSearch action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2595", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.censura.info/forums/project.php?issueid=151", - "refsource" : "CONFIRM", - "url" : "http://www.censura.info/forums/project.php?issueid=151" - }, - { - "name" : "http://www.censura.info/forums/showthread.php?t=969", - "refsource" : "CONFIRM", - "url" : "http://www.censura.info/forums/showthread.php?t=969" - }, - { - "name" : "35920", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35920" - }, - { - "name" : "55791", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/55791" - }, - { - "name" : "35795", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35795" - }, - { - "name" : "censura-q-xss(51665)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51665" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in productSearch.html in Censura 2.0.4 and 2.1.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a ProductSearch action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.censura.info/forums/project.php?issueid=151", + "refsource": "CONFIRM", + "url": "http://www.censura.info/forums/project.php?issueid=151" + }, + { + "name": "http://www.censura.info/forums/showthread.php?t=969", + "refsource": "CONFIRM", + "url": "http://www.censura.info/forums/showthread.php?t=969" + }, + { + "name": "censura-q-xss(51665)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51665" + }, + { + "name": "35795", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35795" + }, + { + "name": "55791", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/55791" + }, + { + "name": "35920", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35920" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2764.json b/2009/2xxx/CVE-2009-2764.json index 8af4509ed71..7bc37b5b102 100644 --- a/2009/2xxx/CVE-2009-2764.json +++ b/2009/2xxx/CVE-2009-2764.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2764", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 8.0.7100.0 on Windows 7 RC on the x64 platform allows remote attackers to cause a denial of service (application crash) via a certain DIV element in conjunction with SCRIPT elements that have empty contents and no reference to a valid external script location." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2764", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9362", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9362" - }, - { - "name" : "35941", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35941" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 8.0.7100.0 on Windows 7 RC on the x64 platform allows remote attackers to cause a denial of service (application crash) via a certain DIV element in conjunction with SCRIPT elements that have empty contents and no reference to a valid external script location." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35941", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35941" + }, + { + "name": "9362", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9362" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3221.json b/2009/3xxx/CVE-2009-3221.json index d24e302d722..7513ce3cea6 100644 --- a/2009/3xxx/CVE-2009-3221.json +++ b/2009/3xxx/CVE-2009-3221.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3221", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Audio Lib Player (ALP) allows remote attackers to execute arbitrary code via a long URL in a .m3u playlist file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3221", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0907-exploits/alp-overflow.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0907-exploits/alp-overflow.txt" - }, - { - "name" : "56047", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/56047" - }, - { - "name" : "35867", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35867" - }, - { - "name" : "ADV-2009-1963", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1963" - }, - { - "name" : "audiolibplayer-m3u-bo(51873)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51873" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Audio Lib Player (ALP) allows remote attackers to execute arbitrary code via a long URL in a .m3u playlist file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "audiolibplayer-m3u-bo(51873)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51873" + }, + { + "name": "35867", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35867" + }, + { + "name": "ADV-2009-1963", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1963" + }, + { + "name": "http://packetstormsecurity.org/0907-exploits/alp-overflow.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0907-exploits/alp-overflow.txt" + }, + { + "name": "56047", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/56047" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3621.json b/2009/3xxx/CVE-2009-3621.json index 8241092f6a7..83d921b4828 100644 --- a/2009/3xxx/CVE-2009-3621.json +++ b/2009/3xxx/CVE-2009-3621.json @@ -1,187 +1,187 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3621", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing a series of connect operations to this socket." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-3621", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[linux-kernel] 20091019 Re: [PATCH] AF_UNIX: Fix deadlock on connecting to shutdown socket", - "refsource" : "MLIST", - "url" : "http://lkml.org/lkml/2009/10/19/50" - }, - { - "name" : "[oss-security] 20091019 CVE request: kernel: AF_UNIX: Fix deadlock on connecting to shutdown socket", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/10/19/2" - }, - { - "name" : "[oss-security] 20091019 Re: CVE request: kernel: AF_UNIX: Fix deadlock on connecting to shutdown socket", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/10/19/4" - }, - { - "name" : "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates", - "refsource" : "MLIST", - "url" : "http://lists.vmware.com/pipermail/security-announce/2010/000082.html" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commit;h=77238f2b942b38ab4e7f3aced44084493e4a8675", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commit;h=77238f2b942b38ab4e7f3aced44084493e4a8675" - }, - { - "name" : "http://patchwork.kernel.org/patch/54678/", - "refsource" : "CONFIRM", - "url" : "http://patchwork.kernel.org/patch/54678/" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=529626", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=529626" - }, - { - "name" : "FEDORA-2009-11038", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html" - }, - { - "name" : "MDVSA-2009:329", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:329" - }, - { - "name" : "RHSA-2009:1540", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1540.html" - }, - { - "name" : "RHSA-2009:1670", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1670.html" - }, - { - "name" : "RHSA-2009:1671", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1671.html" - }, - { - "name" : "SUSE-SA:2009:061", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html" - }, - { - "name" : "SUSE-SA:2009:064", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html" - }, - { - "name" : "SUSE-SA:2010:001", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html" - }, - { - "name" : "SUSE-SA:2010:012", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html" - }, - { - "name" : "SUSE-SA:2010:013", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html" - }, - { - "name" : "USN-864-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-864-1" - }, - { - "name" : "oval:org.mitre.oval:def:6895", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6895" - }, - { - "name" : "oval:org.mitre.oval:def:9921", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9921" - }, - { - "name" : "37086", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37086" - }, - { - "name" : "37909", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37909" - }, - { - "name" : "38017", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38017" - }, - { - "name" : "38794", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38794" - }, - { - "name" : "38834", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38834" - }, - { - "name" : "ADV-2010-0528", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0528" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing a series of connect operations to this socket." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20091019 CVE request: kernel: AF_UNIX: Fix deadlock on connecting to shutdown socket", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/10/19/2" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=529626", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=529626" + }, + { + "name": "[linux-kernel] 20091019 Re: [PATCH] AF_UNIX: Fix deadlock on connecting to shutdown socket", + "refsource": "MLIST", + "url": "http://lkml.org/lkml/2009/10/19/50" + }, + { + "name": "RHSA-2009:1671", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1671.html" + }, + { + "name": "[oss-security] 20091019 Re: CVE request: kernel: AF_UNIX: Fix deadlock on connecting to shutdown socket", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/10/19/4" + }, + { + "name": "RHSA-2009:1540", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1540.html" + }, + { + "name": "SUSE-SA:2009:061", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html" + }, + { + "name": "USN-864-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-864-1" + }, + { + "name": "38794", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38794" + }, + { + "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates", + "refsource": "MLIST", + "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html" + }, + { + "name": "SUSE-SA:2010:001", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html" + }, + { + "name": "MDVSA-2009:329", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:329" + }, + { + "name": "SUSE-SA:2010:012", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commit;h=77238f2b942b38ab4e7f3aced44084493e4a8675", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commit;h=77238f2b942b38ab4e7f3aced44084493e4a8675" + }, + { + "name": "37909", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37909" + }, + { + "name": "oval:org.mitre.oval:def:9921", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9921" + }, + { + "name": "http://patchwork.kernel.org/patch/54678/", + "refsource": "CONFIRM", + "url": "http://patchwork.kernel.org/patch/54678/" + }, + { + "name": "RHSA-2009:1670", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1670.html" + }, + { + "name": "SUSE-SA:2009:064", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html" + }, + { + "name": "38834", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38834" + }, + { + "name": "oval:org.mitre.oval:def:6895", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6895" + }, + { + "name": "SUSE-SA:2010:013", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html" + }, + { + "name": "37086", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37086" + }, + { + "name": "38017", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38017" + }, + { + "name": "FEDORA-2009-11038", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html" + }, + { + "name": "ADV-2010-0528", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0528" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0849.json b/2015/0xxx/CVE-2015-0849.json index 69d07ccfb73..6bd25c7810e 100644 --- a/2015/0xxx/CVE-2015-0849.json +++ b/2015/0xxx/CVE-2015-0849.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0849", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-0849", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0857.json b/2015/0xxx/CVE-2015-0857.json index 4da0cc875db..bee65dbd11b 100644 --- a/2015/0xxx/CVE-2015-0857.json +++ b/2015/0xxx/CVE-2015-0857.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0857", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cool Projects TarDiff allows remote attackers to execute arbitrary commands via shell metacharacters in the name of a (1) tar file or (2) file within a tar file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2015-0857", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://anonscm.debian.org/cgit/collab-maint/tardiff.git/commit/?id=9bd6a07bc204472ac27242cea16f89943b43003a", - "refsource" : "CONFIRM", - "url" : "https://anonscm.debian.org/cgit/collab-maint/tardiff.git/commit/?id=9bd6a07bc204472ac27242cea16f89943b43003a" - }, - { - "name" : "https://anonscm.debian.org/cgit/collab-maint/tardiff.git/commit/?id=a18e8df51511df276e61dbccdbe1714fc53af965", - "refsource" : "CONFIRM", - "url" : "https://anonscm.debian.org/cgit/collab-maint/tardiff.git/commit/?id=a18e8df51511df276e61dbccdbe1714fc53af965" - }, - { - "name" : "DSA-3562", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3562" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cool Projects TarDiff allows remote attackers to execute arbitrary commands via shell metacharacters in the name of a (1) tar file or (2) file within a tar file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://anonscm.debian.org/cgit/collab-maint/tardiff.git/commit/?id=a18e8df51511df276e61dbccdbe1714fc53af965", + "refsource": "CONFIRM", + "url": "https://anonscm.debian.org/cgit/collab-maint/tardiff.git/commit/?id=a18e8df51511df276e61dbccdbe1714fc53af965" + }, + { + "name": "DSA-3562", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3562" + }, + { + "name": "https://anonscm.debian.org/cgit/collab-maint/tardiff.git/commit/?id=9bd6a07bc204472ac27242cea16f89943b43003a", + "refsource": "CONFIRM", + "url": "https://anonscm.debian.org/cgit/collab-maint/tardiff.git/commit/?id=9bd6a07bc204472ac27242cea16f89943b43003a" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0931.json b/2015/0xxx/CVE-2015-0931.json index 6d1dad2d6a4..cb69fbdbd9a 100644 --- a/2015/0xxx/CVE-2015-0931.json +++ b/2015/0xxx/CVE-2015-0931.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0931", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1, when the Saxon XSLT parser is used, allows remote attackers to execute arbitrary code via a crafted XSLT document, related to a \"resource injection\" issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2015-0931", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#377644", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/377644" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1, when the Saxon XSLT parser is used, allows remote attackers to execute arbitrary code via a crafted XSLT document, related to a \"resource injection\" issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#377644", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/377644" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1300.json b/2015/1xxx/CVE-2015-1300.json index c2dc00e0c0f..1e75ee012b9 100644 --- a/2015/1xxx/CVE-2015-1300.json +++ b/2015/1xxx/CVE-2015-1300.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1300", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The FrameFetchContext::updateTimingInfoForIFrameNavigation function in core/loader/FrameFetchContext.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to obtain sensitive information via crafted JavaScript code that leverages a history.back call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2015-1300", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/w3c/resource-timing/issues/29", - "refsource" : "MISC", - "url" : "https://github.com/w3c/resource-timing/issues/29" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=511616", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=511616" - }, - { - "name" : "https://src.chromium.org/viewvc/blink?revision=199553&view=revision", - "refsource" : "CONFIRM", - "url" : "https://src.chromium.org/viewvc/blink?revision=199553&view=revision" - }, - { - "name" : "DSA-3351", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3351" - }, - { - "name" : "GLSA-201603-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-09" - }, - { - "name" : "RHSA-2015:1712", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1712.html" - }, - { - "name" : "openSUSE-SU-2015:1873", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html" - }, - { - "name" : "openSUSE-SU-2015:1586", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html" - }, - { - "name" : "1033472", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033472" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The FrameFetchContext::updateTimingInfoForIFrameNavigation function in core/loader/FrameFetchContext.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to obtain sensitive information via crafted JavaScript code that leverages a history.back call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2015:1873", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html" + }, + { + "name": "RHSA-2015:1712", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1712.html" + }, + { + "name": "1033472", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033472" + }, + { + "name": "openSUSE-SU-2015:1586", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html" + }, + { + "name": "https://github.com/w3c/resource-timing/issues/29", + "refsource": "MISC", + "url": "https://github.com/w3c/resource-timing/issues/29" + }, + { + "name": "https://src.chromium.org/viewvc/blink?revision=199553&view=revision", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/blink?revision=199553&view=revision" + }, + { + "name": "DSA-3351", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3351" + }, + { + "name": "GLSA-201603-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-09" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=511616", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=511616" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1364.json b/2015/1xxx/CVE-2015-1364.json index b48733ab964..1f461f3b755 100644 --- a/2015/1xxx/CVE-2015-1364.json +++ b/2015/1xxx/CVE-2015-1364.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1364", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the getProfile function in system/profile.functions.php in Free Reprintables ArticleFR 3.0.5 allows remote attackers to execute arbitrary SQL commands via the username parameter to register/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1364", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "35857", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/35857" - }, - { - "name" : "20150121 SQL injection vulnerability in articleFR CMS 3.0.5", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Jan/81" - }, - { - "name" : "http://www.itas.vn/news/itas-team-found-out-a-sql-injection-vulnerability-in-articlefr-cms-72.html", - "refsource" : "MISC", - "url" : "http://www.itas.vn/news/itas-team-found-out-a-sql-injection-vulnerability-in-articlefr-cms-72.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the getProfile function in system/profile.functions.php in Free Reprintables ArticleFR 3.0.5 allows remote attackers to execute arbitrary SQL commands via the username parameter to register/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35857", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/35857" + }, + { + "name": "http://www.itas.vn/news/itas-team-found-out-a-sql-injection-vulnerability-in-articlefr-cms-72.html", + "refsource": "MISC", + "url": "http://www.itas.vn/news/itas-team-found-out-a-sql-injection-vulnerability-in-articlefr-cms-72.html" + }, + { + "name": "20150121 SQL injection vulnerability in articleFR CMS 3.0.5", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Jan/81" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1589.json b/2015/1xxx/CVE-2015-1589.json index 9efcef14bdb..63406b5c3e0 100644 --- a/2015/1xxx/CVE-2015-1589.json +++ b/2015/1xxx/CVE-2015-1589.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1589", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in arCHMage 0.2.4 allows remote attackers to write to arbitrary files via a .. (dot dot) in a CHM file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1589", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150212 CVE request: archmage directory traversal", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/02/12/9" - }, - { - "name" : "[oss-security] 20150212 Re: CVE request: archmage directory traversal", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/02/12/16" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776164", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776164" - }, - { - "name" : "archmage-cve20151589-dir-trav(100879)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100879" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in arCHMage 0.2.4 allows remote attackers to write to arbitrary files via a .. (dot dot) in a CHM file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776164", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776164" + }, + { + "name": "[oss-security] 20150212 CVE request: archmage directory traversal", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/02/12/9" + }, + { + "name": "archmage-cve20151589-dir-trav(100879)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100879" + }, + { + "name": "[oss-security] 20150212 Re: CVE request: archmage directory traversal", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/02/12/16" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1703.json b/2015/1xxx/CVE-2015-1703.json index 87f88b38a49..cb1e27793b3 100644 --- a/2015/1xxx/CVE-2015-1703.json +++ b/2015/1xxx/CVE-2015-1703.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1703", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 through 11 allows remote attackers to gain privileges via a crafted web site, aka \"Internet Explorer Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2015-1704." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-1703", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-043", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-043" - }, - { - "name" : "74520", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74520" - }, - { - "name" : "1032282", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032282" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 through 11 allows remote attackers to gain privileges via a crafted web site, aka \"Internet Explorer Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2015-1704." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "74520", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74520" + }, + { + "name": "1032282", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032282" + }, + { + "name": "MS15-043", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-043" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1772.json b/2015/1xxx/CVE-2015-1772.json index 2f91a1d3855..7a8e8b91c0f 100644 --- a/2015/1xxx/CVE-2015-1772.json +++ b/2015/1xxx/CVE-2015-1772.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1772", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The LDAP implementation in HiveServer2 in Apache Hive before 1.0.1 and 1.1.x before 1.1.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, mishandles simple unauthenticated and anonymous bind configurations, which allows remote attackers to bypass authentication via a crafted LDAP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-1772", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[www-announce] 20150521 CVE-2015-1772", - "refsource" : "MLIST", - "url" : "http://mail-archives.apache.org/mod_mbox/www-announce/201505.mbox/%3CCAOpgucy52yzNN1FaRcxwhZmx8ZtNRjmK6V0Bxk4svAD-R1q70Q@mail.gmail.com%3E" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21969546", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21969546" - }, - { - "name" : "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html", - "refsource" : "CONFIRM", - "url" : "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html" - }, - { - "name" : "1034365", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034365" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The LDAP implementation in HiveServer2 in Apache Hive before 1.0.1 and 1.1.x before 1.1.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, mishandles simple unauthenticated and anonymous bind configurations, which allows remote attackers to bypass authentication via a crafted LDAP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[www-announce] 20150521 CVE-2015-1772", + "refsource": "MLIST", + "url": "http://mail-archives.apache.org/mod_mbox/www-announce/201505.mbox/%3CCAOpgucy52yzNN1FaRcxwhZmx8ZtNRjmK6V0Bxk4svAD-R1q70Q@mail.gmail.com%3E" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21969546", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969546" + }, + { + "name": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html", + "refsource": "CONFIRM", + "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html" + }, + { + "name": "1034365", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034365" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1817.json b/2015/1xxx/CVE-2015-1817.json index 47587efe347..5d3019199f3 100644 --- a/2015/1xxx/CVE-2015-1817.json +++ b/2015/1xxx/CVE-2015-1817.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1817", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the inet_pton function in network/inet_pton.c in musl libc 0.9.15 through 1.0.4, and 1.1.0 through 1.1.7 allows attackers to have unspecified impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-1817", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150330 Security advisory for musl libc - stack-based buffer overflow in ipv6 literal parsing [CVE-2015-1817]", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/03/30/3" - }, - { - "name" : "73408", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73408" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the inet_pton function in network/inet_pton.c in musl libc 0.9.15 through 1.0.4, and 1.1.0 through 1.1.7 allows attackers to have unspecified impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20150330 Security advisory for musl libc - stack-based buffer overflow in ipv6 literal parsing [CVE-2015-1817]", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/03/30/3" + }, + { + "name": "73408", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73408" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4266.json b/2015/4xxx/CVE-2015-4266.json index 87c3a9252d8..f9ba866f809 100644 --- a/2015/4xxx/CVE-2015-4266.json +++ b/2015/4xxx/CVE-2015-4266.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4266", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web interface in Cisco Identity Services Engine (ISE) 1.1(4.1), 1.3(106.146), and 1.3(120.135) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a \"cross-frame scripting (XFS)\" issue, aka Bug ID CSCut04556." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-4266", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150714 Cisco Identity Services Engine Cross-Frame Scripting Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=39871" - }, - { - "name" : "1032930", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032930" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web interface in Cisco Identity Services Engine (ISE) 1.1(4.1), 1.3(106.146), and 1.3(120.135) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a \"cross-frame scripting (XFS)\" issue, aka Bug ID CSCut04556." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150714 Cisco Identity Services Engine Cross-Frame Scripting Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39871" + }, + { + "name": "1032930", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032930" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4470.json b/2015/4xxx/CVE-2015-4470.json index e22bd5d43a5..bc622d54c0c 100644 --- a/2015/4xxx/CVE-2015-4470.json +++ b/2015/4xxx/CVE-2015-4470.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4470", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Off-by-one error in the inflate function in mszipd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CAB archive." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4470", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150203 Possible CVE Requests: libmspack: several issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2015/02/03/11" - }, - { - "name" : "https://bugs.debian.org/775498", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/775498" - }, - { - "name" : "72487", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72487" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Off-by-one error in the inflate function in mszipd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CAB archive." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.debian.org/775498", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/775498" + }, + { + "name": "[oss-security] 20150203 Possible CVE Requests: libmspack: several issues", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2015/02/03/11" + }, + { + "name": "72487", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72487" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4945.json b/2015/4xxx/CVE-2015-4945.json index fc5725462f0..173a89509ce 100644 --- a/2015/4xxx/CVE-2015-4945.json +++ b/2015/4xxx/CVE-2015-4945.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4945", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the IBM Maximo Anywhere application 7.5.1 through 7.5.1.2 for Android allows attackers to bypass a passcode protection mechanism and obtain sensitive information via a crafted application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-4945", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21962601", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21962601" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the IBM Maximo Anywhere application 7.5.1 through 7.5.1.2 for Android allows attackers to bypass a passcode protection mechanism and obtain sensitive information via a crafted application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21962601", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962601" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8601.json b/2015/8xxx/CVE-2015-8601.json index fb547f73d5e..23bf8a2a8d8 100644 --- a/2015/8xxx/CVE-2015-8601.json +++ b/2015/8xxx/CVE-2015-8601.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8601", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Chat Room module 7.x-2.x before 7.x-2.2 for Drupal does not properly check permissions when setting up a websocket for chat messages, which allows remote attackers to bypass intended access restrictions and read messages from arbitrary Chat Rooms via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8601", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.drupal.org/node/2627478", - "refsource" : "MISC", - "url" : "https://www.drupal.org/node/2627478" - }, - { - "name" : "https://www.drupal.org/node/2627428", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2627428" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Chat Room module 7.x-2.x before 7.x-2.2 for Drupal does not properly check permissions when setting up a websocket for chat messages, which allows remote attackers to bypass intended access restrictions and read messages from arbitrary Chat Rooms via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.drupal.org/node/2627478", + "refsource": "MISC", + "url": "https://www.drupal.org/node/2627478" + }, + { + "name": "https://www.drupal.org/node/2627428", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2627428" + } + ] + } +} \ No newline at end of file diff --git a/2015/9xxx/CVE-2015-9028.json b/2015/9xxx/CVE-2015-9028.json index fe046c4ab2f..0fc080e6961 100644 --- a/2015/9xxx/CVE-2015-9028.json +++ b/2015/9xxx/CVE-2015-9028.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2015-9028", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "All Qualcomm products", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a cryptographic routine." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Copy without Checking Size of Input in MPSS" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2015-9028", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "All Qualcomm products", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-06-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-06-01" - }, - { - "name" : "98874", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98874" - }, - { - "name" : "1038623", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038623" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a cryptographic routine." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Copy without Checking Size of Input in MPSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-06-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-06-01" + }, + { + "name": "98874", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98874" + }, + { + "name": "1038623", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038623" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2081.json b/2018/2xxx/CVE-2018-2081.json index f56d7153c74..8af817dff17 100644 --- a/2018/2xxx/CVE-2018-2081.json +++ b/2018/2xxx/CVE-2018-2081.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2081", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2081", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2245.json b/2018/2xxx/CVE-2018-2245.json index 15237d60726..92fa933fae1 100644 --- a/2018/2xxx/CVE-2018-2245.json +++ b/2018/2xxx/CVE-2018-2245.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2245", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2245", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2446.json b/2018/2xxx/CVE-2018-2446.json index 54d0d1ed1fd..53a49c7e0f2 100644 --- a/2018/2xxx/CVE-2018-2446.json +++ b/2018/2xxx/CVE-2018-2446.json @@ -1,80 +1,80 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cna@sap.com", - "ID" : "CVE-2018-2446", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SAP BusinessObjects Business Intelligence", - "version" : { - "version_data" : [ - { - "version_name" : "", - "version_value" : "4.1" - }, - { - "version_name" : "", - "version_value" : "4.2" - } - ] - } - } - ] - }, - "vendor_name" : "SAP" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Admin tools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allow an unauthenticated user to read sensitive information (server name), hence leading to an information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "cna@sap.com", + "ID": "CVE-2018-2446", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SAP BusinessObjects Business Intelligence", + "version": { + "version_data": [ + { + "version_name": "", + "version_value": "4.1" + }, + { + "version_name": "", + "version_value": "4.2" + } + ] + } + } + ] + }, + "vendor_name": "SAP" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://launchpad.support.sap.com/#/notes/2633846", - "refsource" : "MISC", - "url" : "https://launchpad.support.sap.com/#/notes/2633846" - }, - { - "name" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742", - "refsource" : "CONFIRM", - "url" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742" - }, - { - "name" : "105089", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105089" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Admin tools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allow an unauthenticated user to read sensitive information (server name), hence leading to an information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://launchpad.support.sap.com/#/notes/2633846", + "refsource": "MISC", + "url": "https://launchpad.support.sap.com/#/notes/2633846" + }, + { + "name": "105089", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105089" + }, + { + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742", + "refsource": "CONFIRM", + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2589.json b/2018/2xxx/CVE-2018-2589.json index 2856614927b..25bbbb68979 100644 --- a/2018/2xxx/CVE-2018-2589.json +++ b/2018/2xxx/CVE-2018-2589.json @@ -1,76 +1,76 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2589", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Hospitality Simphony", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "2.7" - }, - { - "version_affected" : "=", - "version_value" : "2.8" - }, - { - "version_affected" : "=", - "version_value" : "2.9" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Enterprise Server). Supported versions that are affected are 2.7, 2.8 and 2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2589", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality Simphony", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.7" + }, + { + "version_affected": "=", + "version_value": "2.8" + }, + { + "version_affected": "=", + "version_value": "2.9" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name" : "102540", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102540" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Enterprise Server). Supported versions that are affected are 2.7, 2.8 and 2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + }, + { + "name": "102540", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102540" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2723.json b/2018/2xxx/CVE-2018-2723.json index 7aac45c84af..76f61edf043 100644 --- a/2018/2xxx/CVE-2018-2723.json +++ b/2018/2xxx/CVE-2018-2723.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2723", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Financial Services Asset Liability Management", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "6.1.x" - }, - { - "version_affected" : "=", - "version_value" : "8.0.x" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Financial Services Asset Liability Management component of Oracle Financial Services Applications (subcomponent: User Interface). Supported versions that are affected are 6.1.x and 8.0.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Asset Liability Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Asset Liability Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Asset Liability Management accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Asset Liability Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Asset Liability Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Asset Liability Management accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2723", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Financial Services Asset Liability Management", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "6.1.x" + }, + { + "version_affected": "=", + "version_value": "8.0.x" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name" : "102601", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102601" - }, - { - "name" : "1040214", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040214" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Financial Services Asset Liability Management component of Oracle Financial Services Applications (subcomponent: User Interface). Supported versions that are affected are 6.1.x and 8.0.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Asset Liability Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Asset Liability Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Asset Liability Management accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Asset Liability Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Asset Liability Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Asset Liability Management accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + }, + { + "name": "1040214", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040214" + }, + { + "name": "102601", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102601" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2999.json b/2018/2xxx/CVE-2018-2999.json index 4704f37aa91..9aea42548d9 100644 --- a/2018/2xxx/CVE-2018-2999.json +++ b/2018/2xxx/CVE-2018-2999.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2999", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "JD Edwards EnterpriseOne Tools", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "9.2" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2999", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "JD Edwards EnterpriseOne Tools", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "9.2" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "104789", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104789" - }, - { - "name" : "1041305", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041305" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104789", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104789" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "1041305", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041305" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3042.json b/2018/3xxx/CVE-2018-3042.json index d9d53cd832e..e9325a79ad6 100644 --- a/2018/3xxx/CVE-2018-3042.json +++ b/2018/3xxx/CVE-2018-3042.json @@ -1,89 +1,89 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3042", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Banking Corporate Lending", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "12.3.0" - }, - { - "version_affected" : "=", - "version_value" : "12.4.0" - }, - { - "version_affected" : "=", - "version_value" : "12.5.0" - }, - { - "version_affected" : "=", - "version_value" : "14.0.0" - }, - { - "version_affected" : "=", - "version_value" : "14.1.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking Corporate Lending. CVSS 3.0 Base Score 5.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking Corporate Lending." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3042", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Banking Corporate Lending", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.3.0" + }, + { + "version_affected": "=", + "version_value": "12.4.0" + }, + { + "version_affected": "=", + "version_value": "12.5.0" + }, + { + "version_affected": "=", + "version_value": "14.0.0" + }, + { + "version_affected": "=", + "version_value": "14.1.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "104795", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104795" - }, - { - "name" : "1041307", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041307" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking Corporate Lending. CVSS 3.0 Base Score 5.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking Corporate Lending." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "1041307", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041307" + }, + { + "name": "104795", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104795" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6215.json b/2018/6xxx/CVE-2018-6215.json index 7a7a8576c0d..46f477bdcfb 100644 --- a/2018/6xxx/CVE-2018-6215.json +++ b/2018/6xxx/CVE-2018-6215.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6215", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6215", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6330.json b/2018/6xxx/CVE-2018-6330.json index 2768c495392..b5dea07be8d 100644 --- a/2018/6xxx/CVE-2018-6330.json +++ b/2018/6xxx/CVE-2018-6330.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6330", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6330", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6706.json b/2018/6xxx/CVE-2018-6706.json index 3b83cfc3f11..3f3d9101ca8 100644 --- a/2018/6xxx/CVE-2018-6706.json +++ b/2018/6xxx/CVE-2018-6706.json @@ -1,121 +1,121 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@mcafee.com", - "ID" : "CVE-2018-6706", - "STATE" : "PUBLIC", - "TITLE" : "McAfee Agent (MA) non-Windows versions incorrect use of temporary file vulnerability " - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "McAfee Agent (MA) for Linux", - "version" : { - "version_data" : [ - { - "affected" : ">=", - "platform" : "x86", - "version_name" : "5.0.0", - "version_value" : "5.0.0" - }, - { - "affected" : "<=", - "platform" : "x86", - "version_name" : "5.0.6", - "version_value" : "5.0.6" - }, - { - "affected" : "=", - "platform" : "x86", - "version_name" : "5.5.0", - "version_value" : "5.5.0" - }, - { - "affected" : "=", - "platform" : "x86", - "version_name" : "5.5.1", - "version_value" : "5.5.1" - } - ] - } - } - ] - }, - "vendor_name" : "McAfee" - } - ] - } - }, - "credit" : [ - { - "lang" : "eng", - "value" : "McAfee credits Brandon Vincent for discovery of this vulnerability" - } - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Insecure handling of temporary files in non-Windows McAfee Agent 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows an Unprivileged User to introduce custom paths during agent installation in Linux via unspecified vectors." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "HIGH", - "attackVector" : "LOCAL", - "availabilityImpact" : "NONE", - "baseScore" : 2.3, - "baseSeverity" : "LOW", - "confidentialityImpact" : "NONE", - "integrityImpact" : "LOW", - "privilegesRequired" : "HIGH", - "scope" : "CHANGED", - "userInteraction" : "REQUIRED", - "vectorString" : "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:N", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Insecure Temporary File (CWE-377)" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@mcafee.com", + "ID": "CVE-2018-6706", + "STATE": "PUBLIC", + "TITLE": "McAfee Agent (MA) non-Windows versions incorrect use of temporary file vulnerability " + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "McAfee Agent (MA) for Linux", + "version": { + "version_data": [ + { + "affected": ">=", + "platform": "x86", + "version_name": "5.0.0", + "version_value": "5.0.0" + }, + { + "affected": "<=", + "platform": "x86", + "version_name": "5.0.6", + "version_value": "5.0.6" + }, + { + "affected": "=", + "platform": "x86", + "version_name": "5.5.0", + "version_value": "5.5.0" + }, + { + "affected": "=", + "platform": "x86", + "version_name": "5.5.1", + "version_value": "5.5.1" + } + ] + } + } + ] + }, + "vendor_name": "McAfee" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10260", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10260" - }, - { - "name" : "106328", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106328" - } - ] - }, - "solution" : [ - { - "lang" : "eng", - "value" : "McAfee highly recommends that all customers upgrade to McAfee Agent 5.6.0." - } - ], - "source" : { - "advisory" : "SB10260", - "discovery" : "EXTERNAL" - } -} + } + }, + "credit": [ + { + "lang": "eng", + "value": "McAfee credits Brandon Vincent for discovery of this vulnerability" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Insecure handling of temporary files in non-Windows McAfee Agent 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows an Unprivileged User to introduce custom paths during agent installation in Linux via unspecified vectors." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 2.3, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insecure Temporary File (CWE-377)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106328", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106328" + }, + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10260", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10260" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "McAfee highly recommends that all customers upgrade to McAfee Agent 5.6.0." + } + ], + "source": { + "advisory": "SB10260", + "discovery": "EXTERNAL" + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6725.json b/2018/6xxx/CVE-2018-6725.json index 76da4bde3ef..be969623ca8 100644 --- a/2018/6xxx/CVE-2018-6725.json +++ b/2018/6xxx/CVE-2018-6725.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6725", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6725", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6879.json b/2018/6xxx/CVE-2018-6879.json index d5212ab819f..3b10dbcadf4 100644 --- a/2018/6xxx/CVE-2018-6879.json +++ b/2018/6xxx/CVE-2018-6879.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6879", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP Scripts Mall Website Seller Script 2.0.3 uses the client side to enforce validation of an e-mail address, which allows remote attackers to modify a registered e-mail address by removing the validation code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6879", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://0day4u.wordpress.com/2018/03/12/website-seller-script-improper-validation-of-email-address/", - "refsource" : "MISC", - "url" : "https://0day4u.wordpress.com/2018/03/12/website-seller-script-improper-validation-of-email-address/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP Scripts Mall Website Seller Script 2.0.3 uses the client side to enforce validation of an e-mail address, which allows remote attackers to modify a registered e-mail address by removing the validation code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://0day4u.wordpress.com/2018/03/12/website-seller-script-improper-validation-of-email-address/", + "refsource": "MISC", + "url": "https://0day4u.wordpress.com/2018/03/12/website-seller-script-improper-validation-of-email-address/" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7096.json b/2018/7xxx/CVE-2018-7096.json index 3fd99e6f2ba..9f9513eac54 100644 --- a/2018/7xxx/CVE-2018-7096.json +++ b/2018/7xxx/CVE-2018-7096.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "ID" : "CVE-2018-7096", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "HPE 3PAR Service Processors", - "version" : { - "version_data" : [ - { - "version_value" : "Prior to SP-4.4.0.GA-110(MU7)" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "ID": "CVE-2018-7096", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HPE 3PAR Service Processors", + "version": { + "version_data": [ + { + "version_value": "Prior to SP-4.4.0.GA-110(MU7)" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03861en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03861en_us" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03884en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03884en_us" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03884en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03884en_us" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03861en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03861en_us" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7313.json b/2018/7xxx/CVE-2018-7313.json index 4cb2d0a4fbe..b46d8b5b52e 100644 --- a/2018/7xxx/CVE-2018-7313.json +++ b/2018/7xxx/CVE-2018-7313.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7313", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL Injection exists in the CW Tags 2.0.6 component for Joomla! via the searchtext array parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7313", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44158", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44158/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL Injection exists in the CW Tags 2.0.6 component for Joomla! via the searchtext array parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44158", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44158/" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7598.json b/2018/7xxx/CVE-2018-7598.json index c007c2a3559..a89e168351a 100644 --- a/2018/7xxx/CVE-2018-7598.json +++ b/2018/7xxx/CVE-2018-7598.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7598", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7598", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5686.json b/2019/5xxx/CVE-2019-5686.json index f94a85b5d89..37600c35003 100644 --- a/2019/5xxx/CVE-2019-5686.json +++ b/2019/5xxx/CVE-2019-5686.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5686", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5686", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file