From 1db12c7400d132b22743cbaf4b54814c6e53ca4c Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 21:30:56 +0000 Subject: [PATCH] "-Synchronized-Data." --- 1999/0xxx/CVE-1999-0077.json | 120 ++--- 1999/0xxx/CVE-1999-0141.json | 120 ++--- 1999/0xxx/CVE-1999-0211.json | 120 ++--- 1999/0xxx/CVE-1999-0887.json | 130 ++--- 1999/1xxx/CVE-1999-1219.json | 150 +++--- 1999/1xxx/CVE-1999-1227.json | 140 +++--- 1999/1xxx/CVE-1999-1301.json | 140 +++--- 1999/1xxx/CVE-1999-1508.json | 130 ++--- 1999/1xxx/CVE-1999-1596.json | 34 +- 2000/0xxx/CVE-2000-0306.json | 130 ++--- 2000/0xxx/CVE-2000-0407.json | 130 ++--- 2000/0xxx/CVE-2000-0620.json | 140 +++--- 2000/0xxx/CVE-2000-0665.json | 160 +++---- 2000/0xxx/CVE-2000-0679.json | 130 ++--- 2000/0xxx/CVE-2000-0758.json | 140 +++--- 2000/0xxx/CVE-2000-0971.json | 140 +++--- 2000/1xxx/CVE-2000-1111.json | 140 +++--- 2000/1xxx/CVE-2000-1135.json | 140 +++--- 2005/2xxx/CVE-2005-2285.json | 130 ++--- 2005/2xxx/CVE-2005-2389.json | 130 ++--- 2005/2xxx/CVE-2005-2427.json | 160 +++---- 2005/2xxx/CVE-2005-2605.json | 140 +++--- 2005/2xxx/CVE-2005-2658.json | 140 +++--- 2005/2xxx/CVE-2005-2748.json | 160 +++---- 2005/2xxx/CVE-2005-2847.json | 160 +++---- 2005/3xxx/CVE-2005-3066.json | 170 +++---- 2005/3xxx/CVE-2005-3102.json | 130 ++--- 2005/3xxx/CVE-2005-3260.json | 180 +++---- 2005/3xxx/CVE-2005-3353.json | 420 ++++++++-------- 2005/3xxx/CVE-2005-3454.json | 160 +++---- 2005/3xxx/CVE-2005-3812.json | 150 +++--- 2005/3xxx/CVE-2005-3921.json | 230 ++++----- 2007/5xxx/CVE-2007-5443.json | 160 +++---- 2007/5xxx/CVE-2007-5645.json | 34 +- 2007/5xxx/CVE-2007-5989.json | 190 ++++---- 2009/2xxx/CVE-2009-2017.json | 140 +++--- 2009/2xxx/CVE-2009-2073.json | 170 +++---- 2009/2xxx/CVE-2009-2385.json | 150 +++--- 2009/2xxx/CVE-2009-2617.json | 150 +++--- 2009/2xxx/CVE-2009-2625.json | 740 ++++++++++++++--------------- 2009/2xxx/CVE-2009-2793.json | 120 ++--- 2009/2xxx/CVE-2009-2883.json | 140 +++--- 2009/2xxx/CVE-2009-2923.json | 140 +++--- 2009/3xxx/CVE-2009-3040.json | 140 +++--- 2009/3xxx/CVE-2009-3140.json | 34 +- 2009/3xxx/CVE-2009-3246.json | 150 +++--- 2009/3xxx/CVE-2009-3322.json | 160 +++---- 2009/3xxx/CVE-2009-3962.json | 150 +++--- 2015/0xxx/CVE-2015-0023.json | 150 +++--- 2015/0xxx/CVE-2015-0052.json | 140 +++--- 2015/0xxx/CVE-2015-0092.json | 140 +++--- 2015/0xxx/CVE-2015-0333.json | 190 ++++---- 2015/0xxx/CVE-2015-0589.json | 160 +++---- 2015/0xxx/CVE-2015-0596.json | 170 +++---- 2015/0xxx/CVE-2015-0932.json | 150 +++--- 2015/0xxx/CVE-2015-0956.json | 34 +- 2015/1xxx/CVE-2015-1204.json | 140 +++--- 2015/1xxx/CVE-2015-1376.json | 170 +++---- 2015/1xxx/CVE-2015-1941.json | 150 +++--- 2015/4xxx/CVE-2015-4017.json | 150 +++--- 2015/4xxx/CVE-2015-4146.json | 190 ++++---- 2015/4xxx/CVE-2015-4245.json | 34 +- 2015/4xxx/CVE-2015-4360.json | 180 +++---- 2015/4xxx/CVE-2015-4495.json | 280 +++++------ 2015/4xxx/CVE-2015-4601.json | 190 ++++---- 2015/4xxx/CVE-2015-4718.json | 140 +++--- 2015/8xxx/CVE-2015-8118.json | 34 +- 2015/8xxx/CVE-2015-8425.json | 220 ++++----- 2015/8xxx/CVE-2015-8768.json | 190 ++++---- 2015/8xxx/CVE-2015-8828.json | 34 +- 2015/8xxx/CVE-2015-8889.json | 140 +++--- 2015/9xxx/CVE-2015-9004.json | 150 +++--- 2015/9xxx/CVE-2015-9036.json | 132 ++--- 2016/5xxx/CVE-2016-5840.json | 160 +++---- 2016/5xxx/CVE-2016-5949.json | 184 +++---- 2018/1002xxx/CVE-2018-1002150.json | 130 ++--- 2018/1999xxx/CVE-2018-1999002.json | 136 +++--- 2018/2xxx/CVE-2018-2225.json | 34 +- 2018/2xxx/CVE-2018-2285.json | 34 +- 2018/2xxx/CVE-2018-2306.json | 34 +- 2018/2xxx/CVE-2018-2521.json | 34 +- 2018/2xxx/CVE-2018-2606.json | 140 +++--- 2018/2xxx/CVE-2018-2617.json | 132 ++--- 2018/6xxx/CVE-2018-6207.json | 120 ++--- 2018/6xxx/CVE-2018-6487.json | 174 +++---- 2018/6xxx/CVE-2018-6532.json | 120 ++--- 2018/6xxx/CVE-2018-6542.json | 120 ++--- 2018/6xxx/CVE-2018-6593.json | 130 ++--- 2018/6xxx/CVE-2018-6838.json | 34 +- 2018/7xxx/CVE-2018-7094.json | 120 ++--- 2018/7xxx/CVE-2018-7197.json | 120 ++--- 2018/7xxx/CVE-2018-7378.json | 34 +- 2018/7xxx/CVE-2018-7473.json | 120 ++--- 2018/7xxx/CVE-2018-7674.json | 188 ++++---- 2019/1xxx/CVE-2019-1466.json | 34 +- 2019/1xxx/CVE-2019-1991.json | 132 ++--- 2019/5xxx/CVE-2019-5100.json | 34 +- 2019/5xxx/CVE-2019-5309.json | 34 +- 2019/5xxx/CVE-2019-5587.json | 34 +- 2019/5xxx/CVE-2019-5716.json | 160 +++---- 100 files changed, 6973 insertions(+), 6973 deletions(-) diff --git a/1999/0xxx/CVE-1999-0077.json b/1999/0xxx/CVE-1999-0077.json index 3be6ee84584..64b977091da 100644 --- a/1999/0xxx/CVE-1999-0077.json +++ b/1999/0xxx/CVE-1999-0077.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0077", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Predictable TCP sequence numbers allow spoofing." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0077", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "tcp-seq-predict(139)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/139" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Predictable TCP sequence numbers allow spoofing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "tcp-seq-predict(139)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139" + } + ] + } +} \ No newline at end of file diff --git a/1999/0xxx/CVE-1999-0141.json b/1999/0xxx/CVE-1999-0141.json index 0e7085f1ff8..24cc0f6f8d5 100644 --- a/1999/0xxx/CVE-1999-0141.json +++ b/1999/0xxx/CVE-1999-0141.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0141", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Java Bytecode Verifier allows malicious applets to execute arbitrary commands as the user of the applet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0141", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "00134", - "refsource" : "SUN", - "url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/134" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Java Bytecode Verifier allows malicious applets to execute arbitrary commands as the user of the applet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "00134", + "refsource": "SUN", + "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/134" + } + ] + } +} \ No newline at end of file diff --git a/1999/0xxx/CVE-1999-0211.json b/1999/0xxx/CVE-1999-0211.json index 7a77affdb52..3b3a49134f0 100644 --- a/1999/0xxx/CVE-1999-0211.json +++ b/1999/0xxx/CVE-1999-0211.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0211", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Extra long export lists over 256 characters in some mount daemons allows NFS directories to be mounted by anyone." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0211", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "24", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Extra long export lists over 256 characters in some mount daemons allows NFS directories to be mounted by anyone." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24" + } + ] + } +} \ No newline at end of file diff --git a/1999/0xxx/CVE-1999-0887.json b/1999/0xxx/CVE-1999-0887.json index 0479119981a..ad926e06a51 100644 --- a/1999/0xxx/CVE-1999-0887.json +++ b/1999/0xxx/CVE-1999-0887.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0887", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FTGate web interface server allows remote attackers to read files via a .. (dot dot) attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0887", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "AD05261999", - "refsource" : "EEYE", - "url" : "http://www.eeye.com/html/Research/Advisories/AD05261999.html" - }, - { - "name" : "1137", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/1137" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FTGate web interface server allows remote attackers to read files via a .. (dot dot) attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "AD05261999", + "refsource": "EEYE", + "url": "http://www.eeye.com/html/Research/Advisories/AD05261999.html" + }, + { + "name": "1137", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/1137" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1219.json b/1999/1xxx/CVE-1999-1219.json index 7fce52d2164..3bcd30de9c8 100644 --- a/1999/1xxx/CVE-1999-1219.json +++ b/1999/1xxx/CVE-1999-1219.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1219", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in sgihelp in the SGI help system and print manager in IRIX 5.2 and earlier allows local users to gain root privileges, possibly through the clogin command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1219", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "CA-1994-13", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-1994-13.html" - }, - { - "name" : "E-33", - "refsource" : "CIAC", - "url" : "http://ciac.llnl.gov/ciac/bulletins/e-33.shtml" - }, - { - "name" : "sgi-prn-mgr(511)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/511" - }, - { - "name" : "468", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/468" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in sgihelp in the SGI help system and print manager in IRIX 5.2 and earlier allows local users to gain root privileges, possibly through the clogin command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sgi-prn-mgr(511)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/511" + }, + { + "name": "468", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/468" + }, + { + "name": "E-33", + "refsource": "CIAC", + "url": "http://ciac.llnl.gov/ciac/bulletins/e-33.shtml" + }, + { + "name": "CA-1994-13", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-1994-13.html" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1227.json b/1999/1xxx/CVE-1999-1227.json index 20afc7fda86..24f0b395cf6 100644 --- a/1999/1xxx/CVE-1999-1227.json +++ b/1999/1xxx/CVE-1999-1227.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1227", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Ethereal allows local users to overwrite arbitrary files via a symlink attack on the packet capture file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1227", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ethereal.com/lists/ethereal-dev/199907/msg00126.html", - "refsource" : "MISC", - "url" : "http://www.ethereal.com/lists/ethereal-dev/199907/msg00126.html" - }, - { - "name" : "http://www.ethereal.com/lists/ethereal-dev/199907/msg00130.html", - "refsource" : "MISC", - "url" : "http://www.ethereal.com/lists/ethereal-dev/199907/msg00130.html" - }, - { - "name" : "ethereal-dev-capturec-root(3334)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/3334" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ethereal allows local users to overwrite arbitrary files via a symlink attack on the packet capture file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ethereal-dev-capturec-root(3334)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/3334" + }, + { + "name": "http://www.ethereal.com/lists/ethereal-dev/199907/msg00126.html", + "refsource": "MISC", + "url": "http://www.ethereal.com/lists/ethereal-dev/199907/msg00126.html" + }, + { + "name": "http://www.ethereal.com/lists/ethereal-dev/199907/msg00130.html", + "refsource": "MISC", + "url": "http://www.ethereal.com/lists/ethereal-dev/199907/msg00130.html" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1301.json b/1999/1xxx/CVE-1999-1301.json index 9d34049934f..5fc475a9cd1 100644 --- a/1999/1xxx/CVE-1999-1301.json +++ b/1999/1xxx/CVE-1999-1301.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1301", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A design flaw in the Z-Modem protocol allows the remote sender of a file to execute arbitrary programs on the client, as implemented in rz in the rzsz module of FreeBSD before 2.1.5, and possibly other programs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1301", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "G-31", - "refsource" : "CIAC", - "url" : "http://ciac.llnl.gov/ciac/bulletins/g-31.shtml" - }, - { - "name" : "FreeBSD-SA-96:17", - "refsource" : "FREEBSD", - "url" : "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-96:17.rzsz.asc" - }, - { - "name" : "rzsz-command-execution(7540)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7540.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A design flaw in the Z-Modem protocol allows the remote sender of a file to execute arbitrary programs on the client, as implemented in rz in the rzsz module of FreeBSD before 2.1.5, and possibly other programs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FreeBSD-SA-96:17", + "refsource": "FREEBSD", + "url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-96:17.rzsz.asc" + }, + { + "name": "rzsz-command-execution(7540)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7540.php" + }, + { + "name": "G-31", + "refsource": "CIAC", + "url": "http://ciac.llnl.gov/ciac/bulletins/g-31.shtml" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1508.json b/1999/1xxx/CVE-1999-1508.json index 7ede8d572db..f0b7f6581ce 100644 --- a/1999/1xxx/CVE-1999-1508.json +++ b/1999/1xxx/CVE-1999-1508.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1508", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Web server in Tektronix PhaserLink Printer 840.0 and earlier allows a remote attacker to gain administrator access by directly calling undocumented URLs such as ncl_items.html and ncl_subjects.html." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1508", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19991116 [Fwd: Printer Vulnerability: Tektronix PhaserLink Webserver gives Administrator Password]", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=94286041430870&w=2" - }, - { - "name" : "806", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/806" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Web server in Tektronix PhaserLink Printer 840.0 and earlier allows a remote attacker to gain administrator access by directly calling undocumented URLs such as ncl_items.html and ncl_subjects.html." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19991116 [Fwd: Printer Vulnerability: Tektronix PhaserLink Webserver gives Administrator Password]", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=94286041430870&w=2" + }, + { + "name": "806", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/806" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1596.json b/1999/1xxx/CVE-1999-1596.json index 4b050c939bb..650feedba93 100644 --- a/1999/1xxx/CVE-1999-1596.json +++ b/1999/1xxx/CVE-1999-1596.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1596", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1596", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0306.json b/2000/0xxx/CVE-2000-0306.json index 8222eb21dde..614f304755d 100644 --- a/2000/0xxx/CVE-2000-0306.json +++ b/2000/0xxx/CVE-2000-0306.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0306", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in calserver in SCO OpenServer allows remote attackers to gain root access via a long message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0306", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "SB-99.02", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/SSE/security_bulletins/SB-99.02a" - }, - { - "name" : "19981229 Local/remote exploit for SCO UNIX.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/templates/archive.pike?list=1&date=1998-12-29&msg=AAh6GYsGU1@leshka.chuvashia.su" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in calserver in SCO OpenServer allows remote attackers to gain root access via a long message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19981229 Local/remote exploit for SCO UNIX.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/templates/archive.pike?list=1&date=1998-12-29&msg=AAh6GYsGU1@leshka.chuvashia.su" + }, + { + "name": "SB-99.02", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/SSE/security_bulletins/SB-99.02a" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0407.json b/2000/0xxx/CVE-2000-0407.json index 970aa970664..c1f2c278f77 100644 --- a/2000/0xxx/CVE-2000-0407.json +++ b/2000/0xxx/CVE-2000-0407.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0407", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Solaris netpr program allows local users to execute arbitrary commands via a long -p option." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0407", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000512 New Solaris root exploit for /usr/lib/lp/bin/netpr", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-05/0141.html" - }, - { - "name" : "1200", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1200" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Solaris netpr program allows local users to execute arbitrary commands via a long -p option." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1200", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1200" + }, + { + "name": "20000512 New Solaris root exploit for /usr/lib/lp/bin/netpr", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0141.html" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0620.json b/2000/0xxx/CVE-2000-0620.json index 2c438a57209..6472b65a6d7 100644 --- a/2000/0xxx/CVE-2000-0620.json +++ b/2000/0xxx/CVE-2000-0620.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0620", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libX11 X library allows remote attackers to cause a denial of service via a resource mask of 0, which causes libX11 to go into an infinite loop." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0620", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000619 XFree86: Various nasty libX11 holes", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=96146116627474&w=2" - }, - { - "name" : "1409", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1409" - }, - { - "name" : "libx11-infinite-loop-dos(4996)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/4996" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libX11 X library allows remote attackers to cause a denial of service via a resource mask of 0, which causes libX11 to go into an infinite loop." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "libx11-infinite-loop-dos(4996)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4996" + }, + { + "name": "20000619 XFree86: Various nasty libX11 holes", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=96146116627474&w=2" + }, + { + "name": "1409", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1409" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0665.json b/2000/0xxx/CVE-2000-0665.json index 8366299403a..2f432be575d 100644 --- a/2000/0xxx/CVE-2000-0665.json +++ b/2000/0xxx/CVE-2000-0665.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0665", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GAMSoft TelSrv telnet server 1.5 and earlier allows remote attackers to cause a denial of service via a long username." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0665", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000717 DoS in Gamsoft TelSrv telnet server for MS Windows 95/98/NT/2k.", - "refsource" : "NTBUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0031.html" - }, - { - "name" : "20000729 TelSrv Reveals Usernames & Passwords After DoS Attack", - "refsource" : "NTBUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0056.html" - }, - { - "name" : "1478", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1478" - }, - { - "name" : "gamsoft-telsrv-dos(4945)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/4945" - }, - { - "name" : "373", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/373" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GAMSoft TelSrv telnet server 1.5 and earlier allows remote attackers to cause a denial of service via a long username." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "gamsoft-telsrv-dos(4945)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4945" + }, + { + "name": "20000729 TelSrv Reveals Usernames & Passwords After DoS Attack", + "refsource": "NTBUGTRAQ", + "url": "http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0056.html" + }, + { + "name": "1478", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1478" + }, + { + "name": "373", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/373" + }, + { + "name": "20000717 DoS in Gamsoft TelSrv telnet server for MS Windows 95/98/NT/2k.", + "refsource": "NTBUGTRAQ", + "url": "http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0031.html" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0679.json b/2000/0xxx/CVE-2000-0679.json index 331b8459adc..e351d4ee41e 100644 --- a/2000/0xxx/CVE-2000-0679.json +++ b/2000/0xxx/CVE-2000-0679.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0679", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The CVS 1.10.8 client trusts pathnames that are provided by the CVS server, which allows the server to force the client to create arbitrary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0679", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000728 cvs security problem", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3Dhvou2daoebb.fsf%40serein.m17n.org" - }, - { - "name" : "1523", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1523" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The CVS 1.10.8 client trusts pathnames that are provided by the CVS server, which allows the server to force the client to create arbitrary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20000728 cvs security problem", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3Dhvou2daoebb.fsf%40serein.m17n.org" + }, + { + "name": "1523", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1523" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0758.json b/2000/0xxx/CVE-2000-0758.json index 58d15215923..dbba4391902 100644 --- a/2000/0xxx/CVE-2000-0758.json +++ b/2000/0xxx/CVE-2000-0758.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0758", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web interface for Lyris List Manager 3 and 4 allows list subscribers to obtain administrative access by modifying the value of the list_admin hidden form field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0758", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000811 Lyris List Manager Administration Hole", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-08/0149.html" - }, - { - "name" : "http://www.lyris.com/lm/lm_updates.html", - "refsource" : "CONFIRM", - "url" : "http://www.lyris.com/lm/lm_updates.html" - }, - { - "name" : "1584", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1584" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web interface for Lyris List Manager 3 and 4 allows list subscribers to obtain administrative access by modifying the value of the list_admin hidden form field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.lyris.com/lm/lm_updates.html", + "refsource": "CONFIRM", + "url": "http://www.lyris.com/lm/lm_updates.html" + }, + { + "name": "20000811 Lyris List Manager Administration Hole", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0149.html" + }, + { + "name": "1584", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1584" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0971.json b/2000/0xxx/CVE-2000-0971.json index a0263d050c0..55fe91d8637 100644 --- a/2000/0xxx/CVE-2000-0971.json +++ b/2000/0xxx/CVE-2000-0971.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0971", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Avirt Mail 4.0 and 4.2 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long \"RCPT TO\" or \"MAIL FROM\" command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0971", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001023 Avirt Mail 4.x DoS", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-10/0301.html" - }, - { - "name" : "avirt-mail-from-dos(5397)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5397" - }, - { - "name" : "avirt-rcpt-to-dos(5398)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5398" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Avirt Mail 4.0 and 4.2 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long \"RCPT TO\" or \"MAIL FROM\" command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20001023 Avirt Mail 4.x DoS", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0301.html" + }, + { + "name": "avirt-mail-from-dos(5397)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5397" + }, + { + "name": "avirt-rcpt-to-dos(5398)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5398" + } + ] + } +} \ No newline at end of file diff --git a/2000/1xxx/CVE-2000-1111.json b/2000/1xxx/CVE-2000-1111.json index 1b706d8d329..f2a7e331294 100644 --- a/2000/1xxx/CVE-2000-1111.json +++ b/2000/1xxx/CVE-2000-1111.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-1111", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Telnet Service for Windows 2000 Professional does not properly terminate incomplete connection attempts, which allows remote attackers to cause a denial of service by connecting to the server and not providing any input." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-1111", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001129 Windows 2000 Telnet Service DoS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/147914" - }, - { - "name" : "2018", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2018" - }, - { - "name" : "win2k-telnet-dos(5598)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5598" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Telnet Service for Windows 2000 Professional does not properly terminate incomplete connection attempts, which allows remote attackers to cause a denial of service by connecting to the server and not providing any input." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "win2k-telnet-dos(5598)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5598" + }, + { + "name": "2018", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2018" + }, + { + "name": "20001129 Windows 2000 Telnet Service DoS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/147914" + } + ] + } +} \ No newline at end of file diff --git a/2000/1xxx/CVE-2000-1135.json b/2000/1xxx/CVE-2000-1135.json index 7cd021fa297..7ec79a78f01 100644 --- a/2000/1xxx/CVE-2000-1135.json +++ b/2000/1xxx/CVE-2000-1135.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-1135", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "fshd (fsh daemon) in Debian GNU/Linux allows local users to overwrite files of other users via a symlink attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-1135", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001130 DSA-002-1 fsh: symlink attack", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2000/20001130" - }, - { - "name" : "linux-fsh-symlink(5633)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5633" - }, - { - "name" : "7208", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/7208" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "fshd (fsh daemon) in Debian GNU/Linux allows local users to overwrite files of other users via a symlink attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "linux-fsh-symlink(5633)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5633" + }, + { + "name": "20001130 DSA-002-1 fsh: symlink attack", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2000/20001130" + }, + { + "name": "7208", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/7208" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2285.json b/2005/2xxx/CVE-2005-2285.json index 1899f3d001d..494a9aee091 100644 --- a/2005/2xxx/CVE-2005-2285.json +++ b/2005/2xxx/CVE-2005-2285.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2285", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebEOC before 6.0.2 stores sensitive information in locations such as URIs, web pages, and configuration files, which allows remote attackers to obtain information such as Usernames, Passwords, Emergency information, medical information, and system configuration." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2285", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kb.cert.org/vuls/id/JGEI-6BWPXL", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/JGEI-6BWPXL" - }, - { - "name" : "VU#165290", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/165290" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebEOC before 6.0.2 stores sensitive information in locations such as URIs, web pages, and configuration files, which allows remote attackers to obtain information such as Usernames, Passwords, Emergency information, medical information, and system configuration." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.kb.cert.org/vuls/id/JGEI-6BWPXL", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/JGEI-6BWPXL" + }, + { + "name": "VU#165290", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/165290" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2389.json b/2005/2xxx/CVE-2005-2389.json index b4469cc0a99..5757376884d 100644 --- a/2005/2xxx/CVE-2005-2389.json +++ b/2005/2xxx/CVE-2005-2389.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2389", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NDMP server in Veritas NetBackup 5.1 allows attackers to cause a denial of service via a CONFIG message with an out-of-range timestamp, which triggers a null dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2389", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.hat-squad.com/en/000170.html", - "refsource" : "MISC", - "url" : "http://www.hat-squad.com/en/000170.html" - }, - { - "name" : "16187", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16187" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NDMP server in Veritas NetBackup 5.1 allows attackers to cause a denial of service via a CONFIG message with an out-of-range timestamp, which triggers a null dereference." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.hat-squad.com/en/000170.html", + "refsource": "MISC", + "url": "http://www.hat-squad.com/en/000170.html" + }, + { + "name": "16187", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16187" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2427.json b/2005/2xxx/CVE-2005-2427.json index 5d6e9472e92..5f4d1a689f5 100644 --- a/2005/2xxx/CVE-2005-2427.json +++ b/2005/2xxx/CVE-2005-2427.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2427", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in viewCart.asp in CartWIZ allows remote attackers to inject arbitrary web script or HTML via the message parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2427", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050726 [HSC Security Group] XSS in CartWiz", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112240525414263&w=2" - }, - { - "name" : "14386", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14386" - }, - { - "name" : "18463", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/18463" - }, - { - "name" : "1014581", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014581" - }, - { - "name" : "cartwiz-viewcart-xss(21554)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21554" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in viewCart.asp in CartWIZ allows remote attackers to inject arbitrary web script or HTML via the message parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cartwiz-viewcart-xss(21554)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21554" + }, + { + "name": "20050726 [HSC Security Group] XSS in CartWiz", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112240525414263&w=2" + }, + { + "name": "1014581", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014581" + }, + { + "name": "14386", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14386" + }, + { + "name": "18463", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/18463" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2605.json b/2005/2xxx/CVE-2005-2605.json index 87e34f94948..3674bcb377f 100644 --- a/2005/2xxx/CVE-2005-2605.json +++ b/2005/2xxx/CVE-2005-2605.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2605", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in Lasso Professional Server8.0.4 and 8.0.5 allows attackers to bypass authentication, related to [Auth] tags." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2605", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.omnipilot.com/Software%20Updates.1747.8901.lasso", - "refsource" : "CONFIRM", - "url" : "http://www.omnipilot.com/Software%20Updates.1747.8901.lasso" - }, - { - "name" : "14543", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14543" - }, - { - "name" : "16364", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16364" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in Lasso Professional Server8.0.4 and 8.0.5 allows attackers to bypass authentication, related to [Auth] tags." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16364", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16364" + }, + { + "name": "http://www.omnipilot.com/Software%20Updates.1747.8901.lasso", + "refsource": "CONFIRM", + "url": "http://www.omnipilot.com/Software%20Updates.1747.8901.lasso" + }, + { + "name": "14543", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14543" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2658.json b/2005/2xxx/CVE-2005-2658.json index e0b84e0a49b..53d81993e47 100644 --- a/2005/2xxx/CVE-2005-2658.json +++ b/2005/2xxx/CVE-2005-2658.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2658", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in utility.cpp in Turquoise SuperStat (turqstat) 2.2.4 and earlier might allow remote NNTP servers to execute arbitrary code via a date with a long month." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2005-2658", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-812", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-812" - }, - { - "name" : "http://cvs.alioth.debian.org/cgi-bin/cvsweb.cgi/turqstat/utility.cpp.diff?cvsroot=turqstat&r2=1.41&r1=1.40&f=u", - "refsource" : "MISC", - "url" : "http://cvs.alioth.debian.org/cgi-bin/cvsweb.cgi/turqstat/utility.cpp.diff?cvsroot=turqstat&r2=1.41&r1=1.40&f=u" - }, - { - "name" : "14852", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14852" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in utility.cpp in Turquoise SuperStat (turqstat) 2.2.4 and earlier might allow remote NNTP servers to execute arbitrary code via a date with a long month." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://cvs.alioth.debian.org/cgi-bin/cvsweb.cgi/turqstat/utility.cpp.diff?cvsroot=turqstat&r2=1.41&r1=1.40&f=u", + "refsource": "MISC", + "url": "http://cvs.alioth.debian.org/cgi-bin/cvsweb.cgi/turqstat/utility.cpp.diff?cvsroot=turqstat&r2=1.41&r1=1.40&f=u" + }, + { + "name": "14852", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14852" + }, + { + "name": "DSA-812", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-812" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2748.json b/2005/2xxx/CVE-2005-2748.json index 8ea5bb02065..87418f30444 100644 --- a/2005/2xxx/CVE-2005-2748.json +++ b/2005/2xxx/CVE-2005-2748.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2748", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The malloc function in the libSystem library in Apple Mac OS X 10.3.9 and 10.4.2 allows local users to overwrite arbitrary files by setting the MallocLogFile environment variable to the target file before running a setuid application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2748", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.suresec.org/advisories/adv7.pdf", - "refsource" : "MISC", - "url" : "http://www.suresec.org/advisories/adv7.pdf" - }, - { - "name" : "APPLE-SA-2005-09-22", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005/Sep/msg00002.html" - }, - { - "name" : "ESB-2005.0732", - "refsource" : "AUSCERT", - "url" : "http://www.auscert.org.au/5509" - }, - { - "name" : "P-312", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/p-312.shtml" - }, - { - "name" : "16920", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16920/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The malloc function in the libSystem library in Apple Mac OS X 10.3.9 and 10.4.2 allows local users to overwrite arbitrary files by setting the MallocLogFile environment variable to the target file before running a setuid application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "P-312", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/p-312.shtml" + }, + { + "name": "http://www.suresec.org/advisories/adv7.pdf", + "refsource": "MISC", + "url": "http://www.suresec.org/advisories/adv7.pdf" + }, + { + "name": "ESB-2005.0732", + "refsource": "AUSCERT", + "url": "http://www.auscert.org.au/5509" + }, + { + "name": "APPLE-SA-2005-09-22", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005/Sep/msg00002.html" + }, + { + "name": "16920", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16920/" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2847.json b/2005/2xxx/CVE-2005-2847.json index d001029d7ab..58537e60e47 100644 --- a/2005/2xxx/CVE-2005-2847.json +++ b/2005/2xxx/CVE-2005-2847.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2847", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2847", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050901 [SecuriWeb.2005.1] - Barracuda SPAM firewall advisory", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112560044813390&w=2" - }, - { - "name" : "http://www.securiweb.net/wiki/Ressources/AvisDeSecurite/2005.1", - "refsource" : "MISC", - "url" : "http://www.securiweb.net/wiki/Ressources/AvisDeSecurite/2005.1" - }, - { - "name" : "14712", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14712" - }, - { - "name" : "1014837", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/alerts/2005/Sep/1014837.html" - }, - { - "name" : "16683", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16683/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14712", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14712" + }, + { + "name": "1014837", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/alerts/2005/Sep/1014837.html" + }, + { + "name": "16683", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16683/" + }, + { + "name": "http://www.securiweb.net/wiki/Ressources/AvisDeSecurite/2005.1", + "refsource": "MISC", + "url": "http://www.securiweb.net/wiki/Ressources/AvisDeSecurite/2005.1" + }, + { + "name": "20050901 [SecuriWeb.2005.1] - Barracuda SPAM firewall advisory", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112560044813390&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3066.json b/2005/3xxx/CVE-2005-3066.json index da8f22efac1..6c30939b3de 100644 --- a/2005/3xxx/CVE-2005-3066.json +++ b/2005/3xxx/CVE-2005-3066.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3066", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in perldiver.pl in PerlDiver 1.x allows remote attackers to inject arbitrary web script or HTML via the query string. NOTE: this issue was originally disputed by the vendor, but it has since been acknowledged." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3066", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050920 perldiver", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0543.html" - }, - { - "name" : "http://exploitlabs.com/files/advisories/EXPL-A-2005-014-perldiver.txt", - "refsource" : "MISC", - "url" : "http://exploitlabs.com/files/advisories/EXPL-A-2005-014-perldiver.txt" - }, - { - "name" : "http://www.scriptsolutions.com/support/showflat.pl?Board=PDBugs&Number=443", - "refsource" : "MISC", - "url" : "http://www.scriptsolutions.com/support/showflat.pl?Board=PDBugs&Number=443" - }, - { - "name" : "http://www.scriptsolutions.com/support/showthreaded.pl?Cat=&Board=PDBugs&Number=447&page=0&view=collapsed&sb=5&o=186&vc=1#Post447", - "refsource" : "MISC", - "url" : "http://www.scriptsolutions.com/support/showthreaded.pl?Cat=&Board=PDBugs&Number=447&page=0&view=collapsed&sb=5&o=186&vc=1#Post447" - }, - { - "name" : "http://www.scriptsolutions.com/support/showthreaded.pl?Cat=&Board=PDBugs&Number=443&Search=true&Forum=All_Forums&Words=werner&Match=Entire%20Phrase&Searchpage=0&Limit=25&Old=1month&Main=443", - "refsource" : "MISC", - "url" : "http://www.scriptsolutions.com/support/showthreaded.pl?Cat=&Board=PDBugs&Number=443&Search=true&Forum=All_Forums&Words=werner&Match=Entire%20Phrase&Searchpage=0&Limit=25&Old=1month&Main=443" - }, - { - "name" : "1015146", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015146" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in perldiver.pl in PerlDiver 1.x allows remote attackers to inject arbitrary web script or HTML via the query string. NOTE: this issue was originally disputed by the vendor, but it has since been acknowledged." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.scriptsolutions.com/support/showflat.pl?Board=PDBugs&Number=443", + "refsource": "MISC", + "url": "http://www.scriptsolutions.com/support/showflat.pl?Board=PDBugs&Number=443" + }, + { + "name": "http://www.scriptsolutions.com/support/showthreaded.pl?Cat=&Board=PDBugs&Number=443&Search=true&Forum=All_Forums&Words=werner&Match=Entire%20Phrase&Searchpage=0&Limit=25&Old=1month&Main=443", + "refsource": "MISC", + "url": "http://www.scriptsolutions.com/support/showthreaded.pl?Cat=&Board=PDBugs&Number=443&Search=true&Forum=All_Forums&Words=werner&Match=Entire%20Phrase&Searchpage=0&Limit=25&Old=1month&Main=443" + }, + { + "name": "http://exploitlabs.com/files/advisories/EXPL-A-2005-014-perldiver.txt", + "refsource": "MISC", + "url": "http://exploitlabs.com/files/advisories/EXPL-A-2005-014-perldiver.txt" + }, + { + "name": "20050920 perldiver", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0543.html" + }, + { + "name": "http://www.scriptsolutions.com/support/showthreaded.pl?Cat=&Board=PDBugs&Number=447&page=0&view=collapsed&sb=5&o=186&vc=1#Post447", + "refsource": "MISC", + "url": "http://www.scriptsolutions.com/support/showthreaded.pl?Cat=&Board=PDBugs&Number=447&page=0&view=collapsed&sb=5&o=186&vc=1#Post447" + }, + { + "name": "1015146", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015146" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3102.json b/2005/3xxx/CVE-2005-3102.json index b4e01fa5682..e2780858ab4 100644 --- a/2005/3xxx/CVE-2005-3102.json +++ b/2005/3xxx/CVE-2005-3102.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3102", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The administrative interface in Movable Type allows attackers to upload files with arbitrary extensions under the web root." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3102", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051103 Buggy blogging", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0091.html" - }, - { - "name" : "16899", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16899" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The administrative interface in Movable Type allows attackers to upload files with arbitrary extensions under the web root." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20051103 Buggy blogging", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0091.html" + }, + { + "name": "16899", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16899" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3260.json b/2005/3xxx/CVE-2005-3260.json index 29fc37d7071..8000c1418a0 100644 --- a/2005/3xxx/CVE-2005-3260.json +++ b/2005/3xxx/CVE-2005-3260.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3260", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in versatileBulletinBoard (vBB) 1.0.0 RC2 allow remote attackers to inject arbitrary web script or HTML via (1) the url parameter in dereferrer.php and (2) the file parameter in imagewin.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3260", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051010 versatileBulletinBoard V1.0.0 RC2 (possibly prior versions)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112907535528616&w=2" - }, - { - "name" : "http://rgod.altervista.org/versatile100RC2.html", - "refsource" : "MISC", - "url" : "http://rgod.altervista.org/versatile100RC2.html" - }, - { - "name" : "15073", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15073" - }, - { - "name" : "19969", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/19969" - }, - { - "name" : "19970", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/19970" - }, - { - "name" : "19971", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/19971" - }, - { - "name" : "17174", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17174/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in versatileBulletinBoard (vBB) 1.0.0 RC2 allow remote attackers to inject arbitrary web script or HTML via (1) the url parameter in dereferrer.php and (2) the file parameter in imagewin.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19971", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/19971" + }, + { + "name": "19970", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/19970" + }, + { + "name": "20051010 versatileBulletinBoard V1.0.0 RC2 (possibly prior versions)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112907535528616&w=2" + }, + { + "name": "19969", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/19969" + }, + { + "name": "http://rgod.altervista.org/versatile100RC2.html", + "refsource": "MISC", + "url": "http://rgod.altervista.org/versatile100RC2.html" + }, + { + "name": "15073", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15073" + }, + { + "name": "17174", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17174/" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3353.json b/2005/3xxx/CVE-2005-3353.json index c19f9e7d179..05b3912a5b9 100644 --- a/2005/3xxx/CVE-2005-3353.json +++ b/2005/3xxx/CVE-2005-3353.json @@ -1,212 +1,212 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3353", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The exif_read_data function in the Exif module in PHP before 4.4.1 allows remote attackers to cause a denial of service (infinite loop) via a malformed JPEG image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-3353", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.php.net/bug.php?id=34704", - "refsource" : "MISC", - "url" : "http://bugs.php.net/bug.php?id=34704" - }, - { - "name" : "http://www.php.net/ChangeLog-4.php#4.4.1", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-4.php#4.4.1" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=303382", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=303382" - }, - { - "name" : "APPLE-SA-2006-03-01", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2006/Mar/msg00000.html" - }, - { - "name" : "DSA-1206", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1206" - }, - { - "name" : "FLSA:166943", - "refsource" : "FEDORA", - "url" : "http://www.fedoralegacy.org/updates/FC2/2005-11-28-FLSA_2005_166943__Updated_php_packages_fix_security_issues.html" - }, - { - "name" : "HPSBMA02159", - "refsource" : "HP", - "url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522" - }, - { - "name" : "SSRT061238", - "refsource" : "HP", - "url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522" - }, - { - "name" : "MDKSA-2005:213", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:213" - }, - { - "name" : "OpenPKG-SA-2005.027", - "refsource" : "OPENPKG", - "url" : "http://www.openpkg.org/security/OpenPKG-SA-2005.027-php.html" - }, - { - "name" : "RHSA-2005:831", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2005-831.html" - }, - { - "name" : "SUSE-SA:2005:069", - "refsource" : "SUSE", - "url" : "http://www.securityfocus.com/archive/1/419504/100/0/threaded" - }, - { - "name" : "TLSA-2006-38", - "refsource" : "TURBO", - "url" : "http://www.turbolinux.com/security/2006/TLSA-2006-38.txt" - }, - { - "name" : "USN-232-1", - "refsource" : "UBUNTU", - "url" : "https://www.ubuntu.com/usn/usn-232-1/" - }, - { - "name" : "TA06-062A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-062A.html" - }, - { - "name" : "15358", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15358" - }, - { - "name" : "16907", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16907" - }, - { - "name" : "oval:org.mitre.oval:def:11032", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11032" - }, - { - "name" : "ADV-2006-0791", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0791" - }, - { - "name" : "ADV-2006-4320", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4320" - }, - { - "name" : "18054", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18054" - }, - { - "name" : "17371", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17371" - }, - { - "name" : "18198", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18198" - }, - { - "name" : "19064", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19064" - }, - { - "name" : "17490", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17490" - }, - { - "name" : "17531", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17531" - }, - { - "name" : "17557", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17557" - }, - { - "name" : "22691", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22691" - }, - { - "name" : "22713", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22713" - }, - { - "name" : "525", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/525" - }, - { - "name" : "php-exif-dos(24351)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24351" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The exif_read_data function in the Exif module in PHP before 4.4.1 allows remote attackers to cause a denial of service (infinite loop) via a malformed JPEG image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15358", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15358" + }, + { + "name": "22691", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22691" + }, + { + "name": "MDKSA-2005:213", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:213" + }, + { + "name": "TLSA-2006-38", + "refsource": "TURBO", + "url": "http://www.turbolinux.com/security/2006/TLSA-2006-38.txt" + }, + { + "name": "18198", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18198" + }, + { + "name": "DSA-1206", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1206" + }, + { + "name": "SSRT061238", + "refsource": "HP", + "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522" + }, + { + "name": "HPSBMA02159", + "refsource": "HP", + "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522" + }, + { + "name": "525", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/525" + }, + { + "name": "php-exif-dos(24351)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24351" + }, + { + "name": "19064", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19064" + }, + { + "name": "18054", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18054" + }, + { + "name": "22713", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22713" + }, + { + "name": "16907", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16907" + }, + { + "name": "FLSA:166943", + "refsource": "FEDORA", + "url": "http://www.fedoralegacy.org/updates/FC2/2005-11-28-FLSA_2005_166943__Updated_php_packages_fix_security_issues.html" + }, + { + "name": "17371", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17371" + }, + { + "name": "ADV-2006-0791", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0791" + }, + { + "name": "ADV-2006-4320", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4320" + }, + { + "name": "APPLE-SA-2006-03-01", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2006/Mar/msg00000.html" + }, + { + "name": "RHSA-2005:831", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2005-831.html" + }, + { + "name": "http://www.php.net/ChangeLog-4.php#4.4.1", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-4.php#4.4.1" + }, + { + "name": "17490", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17490" + }, + { + "name": "SUSE-SA:2005:069", + "refsource": "SUSE", + "url": "http://www.securityfocus.com/archive/1/419504/100/0/threaded" + }, + { + "name": "TA06-062A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-062A.html" + }, + { + "name": "oval:org.mitre.oval:def:11032", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11032" + }, + { + "name": "17531", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17531" + }, + { + "name": "OpenPKG-SA-2005.027", + "refsource": "OPENPKG", + "url": "http://www.openpkg.org/security/OpenPKG-SA-2005.027-php.html" + }, + { + "name": "17557", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17557" + }, + { + "name": "USN-232-1", + "refsource": "UBUNTU", + "url": "https://www.ubuntu.com/usn/usn-232-1/" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=303382", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=303382" + }, + { + "name": "http://bugs.php.net/bug.php?id=34704", + "refsource": "MISC", + "url": "http://bugs.php.net/bug.php?id=34704" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3454.json b/2005/3xxx/CVE-2005-3454.json index abea01b6b85..5fe67f4fed7 100644 --- a/2005/3xxx/CVE-2005-3454.json +++ b/2005/3xxx/CVE-2005-3454.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3454", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Oracle Collaboration Suite 10g Release 1 version 10.1.1 and 9i Release 2 9.0.4.2 have unknown impact and attack vectors, as identified by Oracle Vuln# (1) OCS01, (2) OCS02, (3) OCS03, and (4) OCS04 for Calendar; (5) OCS05, (6) OCS06, (7) OCS07, (8) OCS08, (9) OCS09, and (10) OCS10 for Email Server; and (11) OCS11, (12) OCS12, and (13) OCS13 for Oracle Files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3454", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html" - }, - { - "name" : "TA05-292A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA05-292A.html" - }, - { - "name" : "VU#210524", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/210524" - }, - { - "name" : "15134", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15134" - }, - { - "name" : "17250", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Oracle Collaboration Suite 10g Release 1 version 10.1.1 and 9i Release 2 9.0.4.2 have unknown impact and attack vectors, as identified by Oracle Vuln# (1) OCS01, (2) OCS02, (3) OCS03, and (4) OCS04 for Calendar; (5) OCS05, (6) OCS06, (7) OCS07, (8) OCS08, (9) OCS09, and (10) OCS10 for Email Server; and (11) OCS11, (12) OCS12, and (13) OCS13 for Oracle Files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html" + }, + { + "name": "TA05-292A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA05-292A.html" + }, + { + "name": "15134", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15134" + }, + { + "name": "VU#210524", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/210524" + }, + { + "name": "17250", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17250" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3812.json b/2005/3xxx/CVE-2005-3812.json index d47c91ad82b..3c9233e70c1 100644 --- a/2005/3xxx/CVE-2005-3812.json +++ b/2005/3xxx/CVE-2005-3812.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3812", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "freeFTPd 1.0.10 allows remote authenticated users to cause a denial of service (null dereference and crash) via a PORT command with missing arguments." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3812", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051124 freeFTPd 1.0.10 (Dos,Exploit)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/417602/30/0/threaded" - }, - { - "name" : "15557", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15557" - }, - { - "name" : "ADV-2005-2580", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2580" - }, - { - "name" : "17737", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17737" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "freeFTPd 1.0.10 allows remote authenticated users to cause a denial of service (null dereference and crash) via a PORT command with missing arguments." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2005-2580", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2580" + }, + { + "name": "20051124 freeFTPd 1.0.10 (Dos,Exploit)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/417602/30/0/threaded" + }, + { + "name": "15557", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15557" + }, + { + "name": "17737", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17737" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3921.json b/2005/3xxx/CVE-2005-3921.json index 2e8df802056..0305fd8ef01 100644 --- a/2005/3xxx/CVE-2005-3921.json +++ b/2005/3xxx/CVE-2005-3921.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3921", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for IOS 12.0(2a) allows remote attackers to inject arbitrary web script or HTML by (1) packets containing HTML that an administrator views via an HTTP interface to the contents of memory buffers, as demonstrated by the URI /level/15/exec/-/buffers/assigned/dump; or (2) sending the router Cisco Discovery Protocol (CDP) packets with HTML payload that an administrator views via the CDP status pages. NOTE: these vectors were originally reported as being associated with the dump and packet options in /level/15/exec/-/show/buffers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3921", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060117 Cisco Systems IOS 11 Web Service CDP Status Page Code Injection Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=372" - }, - { - "name" : "20051128 - Cisco IOS HTTP Server code injection/execution vulnerability-", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/417916/100/0/threaded" - }, - { - "name" : "http://www.infohacking.com/INFOHACKING_RESEARCH/Our_Advisories/cisco/index.html", - "refsource" : "MISC", - "url" : "http://www.infohacking.com/INFOHACKING_RESEARCH/Our_Advisories/cisco/index.html" - }, - { - "name" : "20051201 IOS HTTP Server Command Injection Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20051201-http.shtml" - }, - { - "name" : "15602", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15602" - }, - { - "name" : "16291", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16291" - }, - { - "name" : "oval:org.mitre.oval:def:5867", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5867" - }, - { - "name" : "ADV-2005-2657", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2657" - }, - { - "name" : "1015275", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015275" - }, - { - "name" : "17780", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17780" - }, - { - "name" : "18528", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18528" - }, - { - "name" : "227", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/227" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for IOS 12.0(2a) allows remote attackers to inject arbitrary web script or HTML by (1) packets containing HTML that an administrator views via an HTTP interface to the contents of memory buffers, as demonstrated by the URI /level/15/exec/-/buffers/assigned/dump; or (2) sending the router Cisco Discovery Protocol (CDP) packets with HTML payload that an administrator views via the CDP status pages. NOTE: these vectors were originally reported as being associated with the dump and packet options in /level/15/exec/-/show/buffers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17780", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17780" + }, + { + "name": "ADV-2005-2657", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2657" + }, + { + "name": "20051201 IOS HTTP Server Command Injection Vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sa-20051201-http.shtml" + }, + { + "name": "18528", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18528" + }, + { + "name": "oval:org.mitre.oval:def:5867", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5867" + }, + { + "name": "20060117 Cisco Systems IOS 11 Web Service CDP Status Page Code Injection Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=372" + }, + { + "name": "20051128 - Cisco IOS HTTP Server code injection/execution vulnerability-", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/417916/100/0/threaded" + }, + { + "name": "227", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/227" + }, + { + "name": "15602", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15602" + }, + { + "name": "1015275", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015275" + }, + { + "name": "http://www.infohacking.com/INFOHACKING_RESEARCH/Our_Advisories/cisco/index.html", + "refsource": "MISC", + "url": "http://www.infohacking.com/INFOHACKING_RESEARCH/Our_Advisories/cisco/index.html" + }, + { + "name": "16291", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16291" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5443.json b/2007/5xxx/CVE-2007-5443.json index 17aeb769edf..19139419b81 100644 --- a/2007/5xxx/CVE-2007-5443.json +++ b/2007/5xxx/CVE-2007-5443.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5443", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple 1.1.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) the anchor tag and (2) listtags." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5443", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071010 Several vulnerabilities in CMS Made Simple 1.1.3.1", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/481984/100/0/threaded" - }, - { - "name" : "http://blog.cmsmadesimple.org/2007/10/07/announcing-cms-made-simple-1141/", - "refsource" : "CONFIRM", - "url" : "http://blog.cmsmadesimple.org/2007/10/07/announcing-cms-made-simple-1141/" - }, - { - "name" : "42471", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/42471" - }, - { - "name" : "42472", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/42472" - }, - { - "name" : "3223", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3223" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple 1.1.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) the anchor tag and (2) listtags." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42471", + "refsource": "OSVDB", + "url": "http://osvdb.org/42471" + }, + { + "name": "20071010 Several vulnerabilities in CMS Made Simple 1.1.3.1", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/481984/100/0/threaded" + }, + { + "name": "42472", + "refsource": "OSVDB", + "url": "http://osvdb.org/42472" + }, + { + "name": "http://blog.cmsmadesimple.org/2007/10/07/announcing-cms-made-simple-1141/", + "refsource": "CONFIRM", + "url": "http://blog.cmsmadesimple.org/2007/10/07/announcing-cms-made-simple-1141/" + }, + { + "name": "3223", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3223" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5645.json b/2007/5xxx/CVE-2007-5645.json index dde86b4e227..471adc7b5f9 100644 --- a/2007/5xxx/CVE-2007-5645.json +++ b/2007/5xxx/CVE-2007-5645.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5645", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-5645. Reason: This candidate is a duplicate of CVE-2006-5645, due to a typo. Notes: All CVE users should reference CVE-2006-5645 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2007-5645", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-5645. Reason: This candidate is a duplicate of CVE-2006-5645, due to a typo. Notes: All CVE users should reference CVE-2006-5645 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5989.json b/2007/5xxx/CVE-2007-5989.json index 3a3a0aa684a..1412a5c094b 100644 --- a/2007/5xxx/CVE-2007-5989.json +++ b/2007/5xxx/CVE-2007-5989.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5989", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the skype4com URI handler in Skype before 3.6 GOLD allows remote attackers to execute arbitrary code via \"short string values\" that result in heap corruption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5989", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071206 ZDI-07-070: Skype skype4com URI Handler Remote Heap Corruption Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/484703/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-07-070.html", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-07-070.html" - }, - { - "name" : "26748", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26748" - }, - { - "name" : "ADV-2007-4110", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/4110" - }, - { - "name" : "39170", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39170" - }, - { - "name" : "1019056", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1019056" - }, - { - "name" : "27934", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27934" - }, - { - "name" : "3440", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3440" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the skype4com URI handler in Skype before 3.6 GOLD allows remote attackers to execute arbitrary code via \"short string values\" that result in heap corruption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-4110", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/4110" + }, + { + "name": "1019056", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1019056" + }, + { + "name": "27934", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27934" + }, + { + "name": "3440", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3440" + }, + { + "name": "20071206 ZDI-07-070: Skype skype4com URI Handler Remote Heap Corruption Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/484703/100/0/threaded" + }, + { + "name": "39170", + "refsource": "OSVDB", + "url": "http://osvdb.org/39170" + }, + { + "name": "26748", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26748" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-07-070.html", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-070.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2017.json b/2009/2xxx/CVE-2009-2017.json index 95b615f629d..773b7b2fa33 100644 --- a/2009/2xxx/CVE-2009-2017.json +++ b/2009/2xxx/CVE-2009-2017.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2017", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in products.php in Virtue Book Store allows remote attackers to execute arbitrary SQL commands via the cid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2017", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8893", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8893" - }, - { - "name" : "35375", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35375" - }, - { - "name" : "ADV-2009-1526", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1526" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in products.php in Virtue Book Store allows remote attackers to execute arbitrary SQL commands via the cid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-1526", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1526" + }, + { + "name": "8893", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8893" + }, + { + "name": "35375", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35375" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2073.json b/2009/2xxx/CVE-2009-2073.json index 01bd9a4c879..6ac8da6dcc3 100644 --- a/2009/2xxx/CVE-2009-2073.json +++ b/2009/2xxx/CVE-2009-2073.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2073", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in Linksys WRT160N wireless router hardware 1 and firmware 1.02.2 allows remote attackers to hijack the authentication of other users for unspecified requests via unknown vectors, as demonstrated using administrator privileges and actions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2073", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://holisticinfosec.org/content/view/109/45/", - "refsource" : "MISC", - "url" : "http://holisticinfosec.org/content/view/109/45/" - }, - { - "name" : "34448", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34448" - }, - { - "name" : "53414", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/53414" - }, - { - "name" : "34625", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34625" - }, - { - "name" : "ADV-2009-0982", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0982" - }, - { - "name" : "wrt160n-unspecified-csrf(49775)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49775" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in Linksys WRT160N wireless router hardware 1 and firmware 1.02.2 allows remote attackers to hijack the authentication of other users for unspecified requests via unknown vectors, as demonstrated using administrator privileges and actions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "53414", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/53414" + }, + { + "name": "ADV-2009-0982", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0982" + }, + { + "name": "34448", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34448" + }, + { + "name": "34625", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34625" + }, + { + "name": "http://holisticinfosec.org/content/view/109/45/", + "refsource": "MISC", + "url": "http://holisticinfosec.org/content/view/109/45/" + }, + { + "name": "wrt160n-unspecified-csrf(49775)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49775" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2385.json b/2009/2xxx/CVE-2009-2385.json index d3053425f76..4bf4706c4b4 100644 --- a/2009/2xxx/CVE-2009-2385.json +++ b/2009/2xxx/CVE-2009-2385.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2385", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the awardsMembers function in Sources/Profile.php in the Member Awards component 1.0.2 for Simple Machines Forum (SMF) allows remote attackers to execute arbitrary SQL commands via the id parameter in a profile action to index.php. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2385", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9050", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9050" - }, - { - "name" : "35536", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35536" - }, - { - "name" : "35661", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35661" - }, - { - "name" : "memberawards-id-sql-injection(51441)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51441" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the awardsMembers function in Sources/Profile.php in the Member Awards component 1.0.2 for Simple Machines Forum (SMF) allows remote attackers to execute arbitrary SQL commands via the id parameter in a profile action to index.php. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35661", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35661" + }, + { + "name": "memberawards-id-sql-injection(51441)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51441" + }, + { + "name": "9050", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9050" + }, + { + "name": "35536", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35536" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2617.json b/2009/2xxx/CVE-2009-2617.json index 9e44cbe1e15..d9186c05fa1 100644 --- a/2009/2xxx/CVE-2009-2617.json +++ b/2009/2xxx/CVE-2009-2617.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2617", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in medialib.dll in BaoFeng Storm 3.9.62 allows remote attackers to execute arbitrary code via a long pathname in the source attribute of an item element in a .smpl playlist file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2617", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090628 Baofeng Media Player playlist stack overflow", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=124624413120440&w=2" - }, - { - "name" : "20090629 Re: Baofeng Media Player playlist stack overflow", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=124627617220913&w=2" - }, - { - "name" : "35512", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35512" - }, - { - "name" : "35592", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35592" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in medialib.dll in BaoFeng Storm 3.9.62 allows remote attackers to execute arbitrary code via a long pathname in the source attribute of an item element in a .smpl playlist file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20090628 Baofeng Media Player playlist stack overflow", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=124624413120440&w=2" + }, + { + "name": "35512", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35512" + }, + { + "name": "35592", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35592" + }, + { + "name": "20090629 Re: Baofeng Media Player playlist stack overflow", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=124627617220913&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2625.json b/2009/2xxx/CVE-2009-2625.json index 20c05ef2609..fd8eac6919c 100644 --- a/2009/2xxx/CVE-2009-2625.json +++ b/2009/2xxx/CVE-2009-2625.json @@ -1,372 +1,372 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2625", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2009-2625", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507985/100/0/threaded" - }, - { - "name" : "[oss-security] 20090906 Re: Re: expat bug 1990430", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/09/06/1" - }, - { - "name" : "[oss-security] 20091022 Re: Regarding expat bug 1990430", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/10/22/9" - }, - { - "name" : "[oss-security] 20091023 Re: CVE Request -- expat [was: Re: Regarding expat bug 1990430]", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/10/23/6" - }, - { - "name" : "[oss-security] 20091026 Re: CVE Request -- expat [was: Re: Regarding expat bug 1990430]", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/10/26/3" - }, - { - "name" : "http://www.cert.fi/en/reports/2009/vulnerability2009085.html", - "refsource" : "MISC", - "url" : "http://www.cert.fi/en/reports/2009/vulnerability2009085.html" - }, - { - "name" : "http://www.codenomicon.com/labs/xml/", - "refsource" : "MISC", - "url" : "http://www.codenomicon.com/labs/xml/" - }, - { - "name" : "http://www.networkworld.com/columnists/2009/080509-xml-flaw.html", - "refsource" : "MISC", - "url" : "http://www.networkworld.com/columnists/2009/080509-xml-flaw.html" - }, - { - "name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1", - "refsource" : "CONFIRM", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html" - }, - { - "name" : "http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=572055&r2=787352&pathrev=787353&diff_format=h", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=572055&r2=787352&pathrev=787353&diff_format=h" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=512921", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=512921" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html" - }, - { - "name" : "APPLE-SA-2009-09-03-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html" - }, - { - "name" : "DSA-1984", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-1984" - }, - { - "name" : "FEDORA-2009-8329", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html" - }, - { - "name" : "FEDORA-2009-8337", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html" - }, - { - "name" : "HPSBUX02476", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=125787273209737&w=2" - }, - { - "name" : "SSRT090250", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=125787273209737&w=2" - }, - { - "name" : "MDVSA-2009:209", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:209" - }, - { - "name" : "MDVSA-2011:108", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:108" - }, - { - "name" : "RHSA-2009:1199", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1199.html" - }, - { - "name" : "RHSA-2009:1200", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1200.html" - }, - { - "name" : "RHSA-2009:1201", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1201.html" - }, - { - "name" : "RHSA-2009:1615", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1615.html" - }, - { - "name" : "RHSA-2009:1636", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1636.html" - }, - { - "name" : "RHSA-2009:1637", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1637.html" - }, - { - "name" : "RHSA-2009:1649", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1649.html" - }, - { - "name" : "RHSA-2009:1650", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1650.html" - }, - { - "name" : "RHSA-2011:0858", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0858.html" - }, - { - "name" : "RHSA-2012:1232", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1232.html" - }, - { - "name" : "RHSA-2012:1537", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1537.html" - }, - { - "name" : "SSA:2011-041-02", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.486026" - }, - { - "name" : "263489", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-263489-1" - }, - { - "name" : "272209", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-272209-1" - }, - { - "name" : "1021506", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021506.1-1" - }, - { - "name" : "SUSE-SR:2009:016", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html" - }, - { - "name" : "SUSE-SA:2009:053", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html" - }, - { - "name" : "SUSE-SR:2009:017", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html" - }, - { - "name" : "SUSE-SR:2010:013", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" - }, - { - "name" : "USN-890-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-890-1" - }, - { - "name" : "TA09-294A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-294A.html" - }, - { - "name" : "TA10-012A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-012A.html" - }, - { - "name" : "35958", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35958" - }, - { - "name" : "oval:org.mitre.oval:def:8520", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8520" - }, - { - "name" : "oval:org.mitre.oval:def:9356", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9356" - }, - { - "name" : "1022680", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022680" - }, - { - "name" : "36162", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36162" - }, - { - "name" : "36176", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36176" - }, - { - "name" : "36180", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36180" - }, - { - "name" : "36199", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36199" - }, - { - "name" : "37300", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37300" - }, - { - "name" : "37460", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37460" - }, - { - "name" : "37671", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37671" - }, - { - "name" : "37754", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37754" - }, - { - "name" : "38342", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38342" - }, - { - "name" : "38231", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38231" - }, - { - "name" : "43300", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43300" - }, - { - "name" : "50549", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50549" - }, - { - "name" : "ADV-2009-2543", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2543" - }, - { - "name" : "ADV-2009-3316", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3316" - }, - { - "name" : "ADV-2011-0359", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0359" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSA:2011-041-02", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.486026" + }, + { + "name": "RHSA-2009:1200", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1200.html" + }, + { + "name": "RHSA-2009:1199", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1199.html" + }, + { + "name": "http://www.networkworld.com/columnists/2009/080509-xml-flaw.html", + "refsource": "MISC", + "url": "http://www.networkworld.com/columnists/2009/080509-xml-flaw.html" + }, + { + "name": "USN-890-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-890-1" + }, + { + "name": "36162", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36162" + }, + { + "name": "ADV-2009-2543", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2543" + }, + { + "name": "DSA-1984", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-1984" + }, + { + "name": "[oss-security] 20091022 Re: Regarding expat bug 1990430", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/10/22/9" + }, + { + "name": "1021506", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021506.1-1" + }, + { + "name": "37460", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37460" + }, + { + "name": "RHSA-2009:1615", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1615.html" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" + }, + { + "name": "HPSBUX02476", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=125787273209737&w=2" + }, + { + "name": "37754", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37754" + }, + { + "name": "RHSA-2009:1637", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1637.html" + }, + { + "name": "http://www.cert.fi/en/reports/2009/vulnerability2009085.html", + "refsource": "MISC", + "url": "http://www.cert.fi/en/reports/2009/vulnerability2009085.html" + }, + { + "name": "http://www.codenomicon.com/labs/xml/", + "refsource": "MISC", + "url": "http://www.codenomicon.com/labs/xml/" + }, + { + "name": "36199", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36199" + }, + { + "name": "RHSA-2012:1537", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1537.html" + }, + { + "name": "SUSE-SR:2010:013", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" + }, + { + "name": "MDVSA-2009:209", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:209" + }, + { + "name": "FEDORA-2009-8329", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html" + }, + { + "name": "RHSA-2011:0858", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0858.html" + }, + { + "name": "SSRT090250", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=125787273209737&w=2" + }, + { + "name": "1022680", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022680" + }, + { + "name": "37671", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37671" + }, + { + "name": "38342", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38342" + }, + { + "name": "RHSA-2009:1636", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1636.html" + }, + { + "name": "35958", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35958" + }, + { + "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" + }, + { + "name": "RHSA-2009:1649", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1649.html" + }, + { + "name": "[oss-security] 20091026 Re: CVE Request -- expat [was: Re: Regarding expat bug 1990430]", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/10/26/3" + }, + { + "name": "TA09-294A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-294A.html" + }, + { + "name": "50549", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50549" + }, + { + "name": "oval:org.mitre.oval:def:8520", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8520" + }, + { + "name": "36180", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36180" + }, + { + "name": "38231", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38231" + }, + { + "name": "272209", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-272209-1" + }, + { + "name": "MDVSA-2011:108", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:108" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html" + }, + { + "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1", + "refsource": "CONFIRM", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1" + }, + { + "name": "36176", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36176" + }, + { + "name": "FEDORA-2009-8337", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html" + }, + { + "name": "43300", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43300" + }, + { + "name": "oval:org.mitre.oval:def:9356", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9356" + }, + { + "name": "TA10-012A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-012A.html" + }, + { + "name": "SUSE-SR:2009:016", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html" + }, + { + "name": "RHSA-2012:1232", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1232.html" + }, + { + "name": "263489", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-263489-1" + }, + { + "name": "http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=572055&r2=787352&pathrev=787353&diff_format=h", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=572055&r2=787352&pathrev=787353&diff_format=h" + }, + { + "name": "37300", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37300" + }, + { + "name": "APPLE-SA-2009-09-03-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html" + }, + { + "name": "SUSE-SA:2009:053", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=512921", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512921" + }, + { + "name": "RHSA-2009:1201", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1201.html" + }, + { + "name": "SUSE-SR:2009:017", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html" + }, + { + "name": "[oss-security] 20090906 Re: Re: expat bug 1990430", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/09/06/1" + }, + { + "name": "[oss-security] 20091023 Re: CVE Request -- expat [was: Re: Regarding expat bug 1990430]", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/10/23/6" + }, + { + "name": "ADV-2011-0359", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0359" + }, + { + "name": "ADV-2009-3316", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3316" + }, + { + "name": "RHSA-2009:1650", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1650.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2793.json b/2009/2xxx/CVE-2009-2793.json index d8fd8b0dc3f..2330c7a4d5a 100644 --- a/2009/2xxx/CVE-2009-2793.json +++ b/2009/2xxx/CVE-2009-2793.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2793", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel in NetBSD, probably 5.0.1 and earlier, on x86 platforms does not properly handle a pre-commit failure of the iret instruction, which might allow local users to gain privileges via vectors related to a tempEIP pseudocode variable that is outside of the code-segment limits." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2793", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090916 Iret #GP on pre-commit handling failure: the NetBSD case (CVE-2009-2793)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/506531/100/0/threaded" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel in NetBSD, probably 5.0.1 and earlier, on x86 platforms does not properly handle a pre-commit failure of the iret instruction, which might allow local users to gain privileges via vectors related to a tempEIP pseudocode variable that is outside of the code-segment limits." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20090916 Iret #GP on pre-commit handling failure: the NetBSD case (CVE-2009-2793)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/506531/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2883.json b/2009/2xxx/CVE-2009-2883.json index 784ea6f17f7..21a07975a21 100644 --- a/2009/2xxx/CVE-2009-2883.json +++ b/2009/2xxx/CVE-2009-2883.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2883", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in admin/login.php in SaphpLesson 4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cp_username parameter, related to an error in the CleanVar function in includes/functions.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2883", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9248", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9248" - }, - { - "name" : "35795", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35795" - }, - { - "name" : "saphplesson-login-sql-injection(51983)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51983" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in admin/login.php in SaphpLesson 4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cp_username parameter, related to an error in the CleanVar function in includes/functions.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "saphplesson-login-sql-injection(51983)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51983" + }, + { + "name": "9248", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9248" + }, + { + "name": "35795", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35795" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2923.json b/2009/2xxx/CVE-2009-2923.json index 1ffe1908f9e..1168a0ad703 100644 --- a/2009/2xxx/CVE-2009-2923.json +++ b/2009/2xxx/CVE-2009-2923.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2923", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in BitmixSoft PHP-Lance 1.52 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to show.php and (2) in parameter to advanced_search.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2923", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9444", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9444" - }, - { - "name" : "57246", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/57246" - }, - { - "name" : "57247", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/57247" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in BitmixSoft PHP-Lance 1.52 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to show.php and (2) in parameter to advanced_search.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "57247", + "refsource": "OSVDB", + "url": "http://osvdb.org/57247" + }, + { + "name": "57246", + "refsource": "OSVDB", + "url": "http://osvdb.org/57246" + }, + { + "name": "9444", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9444" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3040.json b/2009/3xxx/CVE-2009-3040.json index dc5eba0bec0..ef53fb7dc93 100644 --- a/2009/3xxx/CVE-2009-3040.json +++ b/2009/3xxx/CVE-2009-3040.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3040", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Open Computer and Software (OCS) Inventory NG 1.02 for Unix allow remote attackers to execute arbitrary SQL commands via the (1) N, (2) DL, (3) O and (4) V parameters to download.php and the (5) SYSTEMID parameter to group_show.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3040", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090530 OCS Inventory NG 1.02 - Multiple SQL Injections", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/503936/100/0/threaded" - }, - { - "name" : "http://www.leidecker.info/advisories/2009-05-30-ocs_inventory_ng_sql_injection.shtml", - "refsource" : "MISC", - "url" : "http://www.leidecker.info/advisories/2009-05-30-ocs_inventory_ng_sql_injection.shtml" - }, - { - "name" : "http://www.ocsinventory-ng.org/index.php?mact=News,cntnt01,detail,0&cntnt01articleid=140&cntnt01returnid=72", - "refsource" : "CONFIRM", - "url" : "http://www.ocsinventory-ng.org/index.php?mact=News,cntnt01,detail,0&cntnt01articleid=140&cntnt01returnid=72" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Open Computer and Software (OCS) Inventory NG 1.02 for Unix allow remote attackers to execute arbitrary SQL commands via the (1) N, (2) DL, (3) O and (4) V parameters to download.php and the (5) SYSTEMID parameter to group_show.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.leidecker.info/advisories/2009-05-30-ocs_inventory_ng_sql_injection.shtml", + "refsource": "MISC", + "url": "http://www.leidecker.info/advisories/2009-05-30-ocs_inventory_ng_sql_injection.shtml" + }, + { + "name": "http://www.ocsinventory-ng.org/index.php?mact=News,cntnt01,detail,0&cntnt01articleid=140&cntnt01returnid=72", + "refsource": "CONFIRM", + "url": "http://www.ocsinventory-ng.org/index.php?mact=News,cntnt01,detail,0&cntnt01articleid=140&cntnt01returnid=72" + }, + { + "name": "20090530 OCS Inventory NG 1.02 - Multiple SQL Injections", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/503936/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3140.json b/2009/3xxx/CVE-2009-3140.json index 9ef726c8434..6f660132237 100644 --- a/2009/3xxx/CVE-2009-3140.json +++ b/2009/3xxx/CVE-2009-3140.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3140", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2009-3140", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3246.json b/2009/3xxx/CVE-2009-3246.json index 2b695817545..8850d85f979 100644 --- a/2009/3xxx/CVE-2009-3246.json +++ b/2009/3xxx/CVE-2009-3246.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3246", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in spnews.php in MyBuxScript PTC-BUX allows remote attackers to execute arbitrary SQL commands via the id parameter in an spnews action to the default URI. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3246", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9555", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9555" - }, - { - "name" : "http://www.packetstormsecurity.com/0909-exploits/mybuxscript-sql.txt", - "refsource" : "MISC", - "url" : "http://www.packetstormsecurity.com/0909-exploits/mybuxscript-sql.txt" - }, - { - "name" : "ADV-2009-2495", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2495" - }, - { - "name" : "ptcbux-spnews-sql-injection(52945)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52945" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in spnews.php in MyBuxScript PTC-BUX allows remote attackers to execute arbitrary SQL commands via the id parameter in an spnews action to the default URI. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-2495", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2495" + }, + { + "name": "9555", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9555" + }, + { + "name": "http://www.packetstormsecurity.com/0909-exploits/mybuxscript-sql.txt", + "refsource": "MISC", + "url": "http://www.packetstormsecurity.com/0909-exploits/mybuxscript-sql.txt" + }, + { + "name": "ptcbux-spnews-sql-injection(52945)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52945" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3322.json b/2009/3xxx/CVE-2009-3322.json index 0b3d68667e7..05d32d05b83 100644 --- a/2009/3xxx/CVE-2009-3322.json +++ b/2009/3xxx/CVE-2009-3322.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3322", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Siemens Gigaset SE361 WLAN router allows remote attackers to cause a denial of service (device reboot) via a flood of crafted TCP packets to port 1723." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3322", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090911 Siemens Gigaset SE361 Wlan - Remote Reboot", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/506414/100/0/threaded" - }, - { - "name" : "9646", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9646" - }, - { - "name" : "36366", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36366" - }, - { - "name" : "58199", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/58199" - }, - { - "name" : "36697", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36697" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Siemens Gigaset SE361 WLAN router allows remote attackers to cause a denial of service (device reboot) via a flood of crafted TCP packets to port 1723." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36697", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36697" + }, + { + "name": "9646", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9646" + }, + { + "name": "58199", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/58199" + }, + { + "name": "36366", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36366" + }, + { + "name": "20090911 Siemens Gigaset SE361 Wlan - Remote Reboot", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/506414/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3962.json b/2009/3xxx/CVE-2009-3962.json index 3fa57dc111a..d4bd6b529fc 100644 --- a/2009/3xxx/CVE-2009-3962.json +++ b/2009/3xxx/CVE-2009-3962.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3962", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The management interface on the 2wire Gateway 1700HG, 1701HG, 1800HW, 2071, 2700HG, and 2701HG-T with software before 5.29.52 allows remote attackers to cause a denial of service (reboot) via a %0d%0a sequence in the page parameter to the xslt program on TCP port 50001, a related issue to CVE-2006-4523." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3962", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091029 2wire Remote Denial of Service", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507587/100/0/threaded" - }, - { - "name" : "http://webvuln.com/advisories/2wire.remote.denial.of.service.txt", - "refsource" : "MISC", - "url" : "http://webvuln.com/advisories/2wire.remote.denial.of.service.txt" - }, - { - "name" : "1023116", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023116" - }, - { - "name" : "ADV-2009-3110", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3110" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The management interface on the 2wire Gateway 1700HG, 1701HG, 1800HW, 2071, 2700HG, and 2701HG-T with software before 5.29.52 allows remote attackers to cause a denial of service (reboot) via a %0d%0a sequence in the page parameter to the xslt program on TCP port 50001, a related issue to CVE-2006-4523." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20091029 2wire Remote Denial of Service", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507587/100/0/threaded" + }, + { + "name": "http://webvuln.com/advisories/2wire.remote.denial.of.service.txt", + "refsource": "MISC", + "url": "http://webvuln.com/advisories/2wire.remote.denial.of.service.txt" + }, + { + "name": "1023116", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023116" + }, + { + "name": "ADV-2009-3110", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3110" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0023.json b/2015/0xxx/CVE-2015-0023.json index 0621ef0f25e..cb145401330 100644 --- a/2015/0xxx/CVE-2015-0023.json +++ b/2015/0xxx/CVE-2015-0023.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0023", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-0025." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-0023", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150210 Microsoft Internet Explorer CTreeNode Use-after-Free Vulnerability", - "refsource" : "IDEFENSE", - "url" : "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1090" - }, - { - "name" : "MS15-009", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-009" - }, - { - "name" : "72438", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72438" - }, - { - "name" : "1031723", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031723" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-0025." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031723", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031723" + }, + { + "name": "20150210 Microsoft Internet Explorer CTreeNode Use-after-Free Vulnerability", + "refsource": "IDEFENSE", + "url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1090" + }, + { + "name": "MS15-009", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-009" + }, + { + "name": "72438", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72438" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0052.json b/2015/0xxx/CVE-2015-0052.json index b5906a75360..acb8dfef588 100644 --- a/2015/0xxx/CVE-2015-0052.json +++ b/2015/0xxx/CVE-2015-0052.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0052", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-0027, CVE-2015-0035, CVE-2015-0039, and CVE-2015-0068." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-0052", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-009", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-009" - }, - { - "name" : "72420", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72420" - }, - { - "name" : "1031723", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031723" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-0027, CVE-2015-0035, CVE-2015-0039, and CVE-2015-0068." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031723", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031723" + }, + { + "name": "72420", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72420" + }, + { + "name": "MS15-009", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-009" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0092.json b/2015/0xxx/CVE-2015-0092.json index bd59addda92..1de7553243f 100644 --- a/2015/0xxx/CVE-2015-0092.json +++ b/2015/0xxx/CVE-2015-0092.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0092", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) file, aka \"Adobe Font Driver Remote Code Execution Vulnerability,\" a different vulnerability than CVE-2015-0088, CVE-2015-0090, CVE-2015-0091, and CVE-2015-0093." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-0092", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-021", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-021" - }, - { - "name" : "72906", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72906" - }, - { - "name" : "1031889", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031889" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) file, aka \"Adobe Font Driver Remote Code Execution Vulnerability,\" a different vulnerability than CVE-2015-0088, CVE-2015-0090, CVE-2015-0091, and CVE-2015-0093." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS15-021", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-021" + }, + { + "name": "72906", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72906" + }, + { + "name": "1031889", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031889" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0333.json b/2015/0xxx/CVE-2015-0333.json index abe3fed7bfc..be9e13ac50a 100644 --- a/2015/0xxx/CVE-2015-0333.json +++ b/2015/0xxx/CVE-2015-0333.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0333", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0332, CVE-2015-0335, and CVE-2015-0339." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-0333", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-05.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-05.html" - }, - { - "name" : "GLSA-201503-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201503-09" - }, - { - "name" : "RHSA-2015:0697", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0697.html" - }, - { - "name" : "SUSE-SU-2015:0491", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00015.html" - }, - { - "name" : "SUSE-SU-2015:0493", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00016.html" - }, - { - "name" : "openSUSE-SU-2015:0490", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00014.html" - }, - { - "name" : "openSUSE-SU-2015:0496", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00017.html" - }, - { - "name" : "1031922", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031922" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0332, CVE-2015-0335, and CVE-2015-0339." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2015:0490", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00014.html" + }, + { + "name": "GLSA-201503-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201503-09" + }, + { + "name": "1031922", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031922" + }, + { + "name": "SUSE-SU-2015:0493", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00016.html" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-05.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-05.html" + }, + { + "name": "openSUSE-SU-2015:0496", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00017.html" + }, + { + "name": "RHSA-2015:0697", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0697.html" + }, + { + "name": "SUSE-SU-2015:0491", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00015.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0589.json b/2015/0xxx/CVE-2015-0589.json index 011d32903f5..d7e26cd57d8 100644 --- a/2015/0xxx/CVE-2015-0589.json +++ b/2015/0xxx/CVE-2015-0589.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0589", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The administrative web interface in Cisco WebEx Meetings Server 1.0 through 1.5 allows remote authenticated users to execute arbitrary OS commands with root privileges via unspecified fields, aka Bug ID CSCuj40460." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0589", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150204 Cisco WebEx Meetings Server Command Injection Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150204-wbx" - }, - { - "name" : "72493", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72493" - }, - { - "name" : "1031692", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031692" - }, - { - "name" : "62799", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62799" - }, - { - "name" : "cisco-webex-cve20150589-command-exec(100719)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100719" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The administrative web interface in Cisco WebEx Meetings Server 1.0 through 1.5 allows remote authenticated users to execute arbitrary OS commands with root privileges via unspecified fields, aka Bug ID CSCuj40460." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031692", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031692" + }, + { + "name": "62799", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62799" + }, + { + "name": "cisco-webex-cve20150589-command-exec(100719)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100719" + }, + { + "name": "20150204 Cisco WebEx Meetings Server Command Injection Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150204-wbx" + }, + { + "name": "72493", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72493" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0596.json b/2015/0xxx/CVE-2015-0596.json index d67373b30f8..fa8b39ab72a 100644 --- a/2015/0xxx/CVE-2015-0596.json +++ b/2015/0xxx/CVE-2015-0596.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0596", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj67163." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0596", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=37239", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=37239" - }, - { - "name" : "20150129 Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0596" - }, - { - "name" : "72371", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72371" - }, - { - "name" : "1031677", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031677" - }, - { - "name" : "61797", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61797" - }, - { - "name" : "cisco-webex-cve20150596-csrf(100665)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100665" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj67163." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031677", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031677" + }, + { + "name": "61797", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61797" + }, + { + "name": "72371", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72371" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37239", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37239" + }, + { + "name": "cisco-webex-cve20150596-csrf(100665)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100665" + }, + { + "name": "20150129 Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0596" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0932.json b/2015/0xxx/CVE-2015-0932.json index 6fa282ca997..6c7e58f5558 100644 --- a/2015/0xxx/CVE-2015-0932.json +++ b/2015/0xxx/CVE-2015-0932.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0932", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ANTlabs InnGate firmware on IG 3100, IG 3101, InnGate 3.00 E, InnGate 3.01 E, InnGate 3.02 E, InnGate 3.10 E, InnGate 3.01 G, and InnGate 3.10 G devices does not require authentication for rsync sessions, which allows remote attackers to read or write to arbitrary files via TCP traffic on port 873." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2015-0932", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.cylance.com/spear-team-cve-2015-0932", - "refsource" : "MISC", - "url" : "http://blog.cylance.com/spear-team-cve-2015-0932" - }, - { - "name" : "http://www.wired.com/2015/03/big-vulnerability-hotel-wi-fi-router-puts-guests-risk/", - "refsource" : "MISC", - "url" : "http://www.wired.com/2015/03/big-vulnerability-hotel-wi-fi-router-puts-guests-risk/" - }, - { - "name" : "http://www.antlabs.com/index.php?option=com_content&view=article&id=195:rsync-remote-file-system-access-vulnerability-cve-2015-0932&catid=54:advisories&Itemid=133", - "refsource" : "CONFIRM", - "url" : "http://www.antlabs.com/index.php?option=com_content&view=article&id=195:rsync-remote-file-system-access-vulnerability-cve-2015-0932&catid=54:advisories&Itemid=133" - }, - { - "name" : "VU#930956", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/930956" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ANTlabs InnGate firmware on IG 3100, IG 3101, InnGate 3.00 E, InnGate 3.01 E, InnGate 3.02 E, InnGate 3.10 E, InnGate 3.01 G, and InnGate 3.10 G devices does not require authentication for rsync sessions, which allows remote attackers to read or write to arbitrary files via TCP traffic on port 873." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.wired.com/2015/03/big-vulnerability-hotel-wi-fi-router-puts-guests-risk/", + "refsource": "MISC", + "url": "http://www.wired.com/2015/03/big-vulnerability-hotel-wi-fi-router-puts-guests-risk/" + }, + { + "name": "VU#930956", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/930956" + }, + { + "name": "http://blog.cylance.com/spear-team-cve-2015-0932", + "refsource": "MISC", + "url": "http://blog.cylance.com/spear-team-cve-2015-0932" + }, + { + "name": "http://www.antlabs.com/index.php?option=com_content&view=article&id=195:rsync-remote-file-system-access-vulnerability-cve-2015-0932&catid=54:advisories&Itemid=133", + "refsource": "CONFIRM", + "url": "http://www.antlabs.com/index.php?option=com_content&view=article&id=195:rsync-remote-file-system-access-vulnerability-cve-2015-0932&catid=54:advisories&Itemid=133" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0956.json b/2015/0xxx/CVE-2015-0956.json index da76ff0caec..a7680f5cb49 100644 --- a/2015/0xxx/CVE-2015-0956.json +++ b/2015/0xxx/CVE-2015-0956.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0956", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-0956", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1204.json b/2015/1xxx/CVE-2015-1204.json index dd257584c4e..5e56aad0d10 100644 --- a/2015/1xxx/CVE-2015-1204.json +++ b/2015/1xxx/CVE-2015-1204.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1204", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Save Filters functionality in the WP Slimstat plugin before 3.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the fs[resource] parameter in the wp-slim-view-2 page to wp-admin/admin.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1204", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://wpvulndb.com/vulnerabilities/7744", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/7744" - }, - { - "name" : "https://wordpress.org/plugins/wp-slimstat/changelog/", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/plugins/wp-slimstat/changelog/" - }, - { - "name" : "62034", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62034" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Save Filters functionality in the WP Slimstat plugin before 3.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the fs[resource] parameter in the wp-slim-view-2 page to wp-admin/admin.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wordpress.org/plugins/wp-slimstat/changelog/", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/wp-slimstat/changelog/" + }, + { + "name": "62034", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62034" + }, + { + "name": "https://wpvulndb.com/vulnerabilities/7744", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/7744" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1376.json b/2015/1xxx/CVE-2015-1376.json index 32ee653bebd..1c194535065 100644 --- a/2015/1xxx/CVE-2015-1376.json +++ b/2015/1xxx/CVE-2015-1376.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1376", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not validate hostnames, which allows remote authenticated users to write to arbitrary files via an upload URL with a host other than pixabay.com." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1376", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150119 MSA-2015-01: Wordpress Plugin Pixabay Images Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534505/100/0/threaded" - }, - { - "name" : "35846", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/35846" - }, - { - "name" : "20150120 MSA-2015-01: Wordpress Plugin Pixabay Images Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Jan/75" - }, - { - "name" : "[oss-security] 20150125 CVE request: MSA-2015-01: Wordpress Plugin Pixabay Images Multiple Vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/01/25/5" - }, - { - "name" : "http://packetstormsecurity.com/files/130017/WordPress-Pixarbay-Images-2.3-XSS-Bypass-Upload-Traversal.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/130017/WordPress-Pixarbay-Images-2.3-XSS-Bypass-Upload-Traversal.html" - }, - { - "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=1067992%40pixabay-images%2Ftrunk%2Fpixabay-images.php&old=926633%40pixabay-images%2Ftrunk%2Fpixabay-images.php", - "refsource" : "CONFIRM", - "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=1067992%40pixabay-images%2Ftrunk%2Fpixabay-images.php&old=926633%40pixabay-images%2Ftrunk%2Fpixabay-images.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not validate hostnames, which allows remote authenticated users to write to arbitrary files via an upload URL with a host other than pixabay.com." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150120 MSA-2015-01: Wordpress Plugin Pixabay Images Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Jan/75" + }, + { + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=1067992%40pixabay-images%2Ftrunk%2Fpixabay-images.php&old=926633%40pixabay-images%2Ftrunk%2Fpixabay-images.php", + "refsource": "CONFIRM", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=1067992%40pixabay-images%2Ftrunk%2Fpixabay-images.php&old=926633%40pixabay-images%2Ftrunk%2Fpixabay-images.php" + }, + { + "name": "35846", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/35846" + }, + { + "name": "20150119 MSA-2015-01: Wordpress Plugin Pixabay Images Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534505/100/0/threaded" + }, + { + "name": "[oss-security] 20150125 CVE request: MSA-2015-01: Wordpress Plugin Pixabay Images Multiple Vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/01/25/5" + }, + { + "name": "http://packetstormsecurity.com/files/130017/WordPress-Pixarbay-Images-2.3-XSS-Bypass-Upload-Traversal.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/130017/WordPress-Pixarbay-Images-2.3-XSS-Bypass-Upload-Traversal.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1941.json b/2015/1xxx/CVE-2015-1941.json index c1df77c6144..b4ef21d0c65 100644 --- a/2015/1xxx/CVE-2015-1941.json +++ b/2015/1xxx/CVE-2015-1941.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1941", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to read arbitrary files via a crafted TCP packet to an unspecified port." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-1941", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-268", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-268" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21959398", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21959398" - }, - { - "name" : "75446", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75446" - }, - { - "name" : "1032773", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032773" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to read arbitrary files via a crafted TCP packet to an unspecified port." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032773", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032773" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-268", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-268" + }, + { + "name": "75446", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75446" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21959398", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959398" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4017.json b/2015/4xxx/CVE-2015-4017.json index 5d3531dbed1..5293db86d04 100644 --- a/2015/4xxx/CVE-2015-4017.json +++ b/2015/4xxx/CVE-2015-4017.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4017", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4017", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150518 Re: [saltstack-security] CVE Request / Saltstack SSL verification disabling for alibabab cloud module", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/05/19/2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1222960", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1222960" - }, - { - "name" : "https://docs.saltstack.com/en/latest/topics/releases/2014.7.6.html", - "refsource" : "CONFIRM", - "url" : "https://docs.saltstack.com/en/latest/topics/releases/2014.7.6.html" - }, - { - "name" : "https://groups.google.com/forum/#!topic/salt-users/8Kv1bytGD6c", - "refsource" : "CONFIRM", - "url" : "https://groups.google.com/forum/#!topic/salt-users/8Kv1bytGD6c" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://docs.saltstack.com/en/latest/topics/releases/2014.7.6.html", + "refsource": "CONFIRM", + "url": "https://docs.saltstack.com/en/latest/topics/releases/2014.7.6.html" + }, + { + "name": "[oss-security] 20150518 Re: [saltstack-security] CVE Request / Saltstack SSL verification disabling for alibabab cloud module", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/05/19/2" + }, + { + "name": "https://groups.google.com/forum/#!topic/salt-users/8Kv1bytGD6c", + "refsource": "CONFIRM", + "url": "https://groups.google.com/forum/#!topic/salt-users/8Kv1bytGD6c" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1222960", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222960" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4146.json b/2015/4xxx/CVE-2015-4146.json index 9c7c3af890f..c08687a8255 100644 --- a/2015/4xxx/CVE-2015-4146.json +++ b/2015/4xxx/CVE-2015-4146.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4146", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not clear the L (Length) and M (More) flags before determining if a response should be fragmented, which allows remote attackers to cause a denial of service (crash) via a crafted message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4146", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150509 Re: CVE request: vulnerability in wpa_supplicant and hostapd", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/05/09/6" - }, - { - "name" : "[oss-security] 20150531 Re: CVE request: vulnerability in wpa_supplicant and hostapd", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/05/31/6" - }, - { - "name" : "http://w1.fi/security/2015-4/0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch", - "refsource" : "CONFIRM", - "url" : "http://w1.fi/security/2015-4/0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch" - }, - { - "name" : "http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt", - "refsource" : "CONFIRM", - "url" : "http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt" - }, - { - "name" : "DSA-3397", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3397" - }, - { - "name" : "GLSA-201606-17", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201606-17" - }, - { - "name" : "openSUSE-SU-2015:1030", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-06/msg00019.html" - }, - { - "name" : "USN-2650-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2650-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not clear the L (Length) and M (More) flags before determining if a response should be fragmented, which allows remote attackers to cause a denial of service (crash) via a crafted message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20150531 Re: CVE request: vulnerability in wpa_supplicant and hostapd", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/05/31/6" + }, + { + "name": "http://w1.fi/security/2015-4/0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch", + "refsource": "CONFIRM", + "url": "http://w1.fi/security/2015-4/0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch" + }, + { + "name": "DSA-3397", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3397" + }, + { + "name": "GLSA-201606-17", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201606-17" + }, + { + "name": "USN-2650-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2650-1" + }, + { + "name": "http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt", + "refsource": "CONFIRM", + "url": "http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt" + }, + { + "name": "openSUSE-SU-2015:1030", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00019.html" + }, + { + "name": "[oss-security] 20150509 Re: CVE request: vulnerability in wpa_supplicant and hostapd", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/05/09/6" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4245.json b/2015/4xxx/CVE-2015-4245.json index 4a6c397f671..c6d9e0e551e 100644 --- a/2015/4xxx/CVE-2015-4245.json +++ b/2015/4xxx/CVE-2015-4245.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4245", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in customer-controlled software. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-4245", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in customer-controlled software. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4360.json b/2015/4xxx/CVE-2015-4360.json index 81b4c658ae9..43f85f69b7a 100644 --- a/2015/4xxx/CVE-2015-4360.json +++ b/2015/4xxx/CVE-2015-4360.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4360", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the Registration codes module before 6.x-1.6, 6.x-2.x before 6.x-2.8, and 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete role-rules via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4360", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/04/25/6" - }, - { - "name" : "https://www.drupal.org/node/2445955", - "refsource" : "MISC", - "url" : "https://www.drupal.org/node/2445955" - }, - { - "name" : "https://www.drupal.org/node/2446157", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2446157" - }, - { - "name" : "https://www.drupal.org/node/2465177", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2465177" - }, - { - "name" : "https://www.drupal.org/node/2465179", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2465179" - }, - { - "name" : "https://www.drupal.org/node/2465181", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2465181" - }, - { - "name" : "72961", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72961" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the Registration codes module before 6.x-1.6, 6.x-2.x before 6.x-2.8, and 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete role-rules via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.drupal.org/node/2465177", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2465177" + }, + { + "name": "https://www.drupal.org/node/2446157", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2446157" + }, + { + "name": "[oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/04/25/6" + }, + { + "name": "https://www.drupal.org/node/2465179", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2465179" + }, + { + "name": "https://www.drupal.org/node/2465181", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2465181" + }, + { + "name": "72961", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72961" + }, + { + "name": "https://www.drupal.org/node/2445955", + "refsource": "MISC", + "url": "https://www.drupal.org/node/2445955" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4495.json b/2015/4xxx/CVE-2015-4495.json index c62c915f512..66d61a0e9a3 100644 --- a/2015/4xxx/CVE-2015-4495.json +++ b/2015/4xxx/CVE-2015-4495.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4495", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2015-4495", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "37772", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/37772/" - }, - { - "name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-78.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-78.html" - }, - { - "name" : "https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild/", - "refsource" : "CONFIRM", - "url" : "https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild/" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1178058", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1178058" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1179262", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1179262" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "GLSA-201512-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201512-10" - }, - { - "name" : "RHSA-2015:1581", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1581.html" - }, - { - "name" : "SUSE-SU-2015:1379", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00009.html" - }, - { - "name" : "openSUSE-SU-2015:1389", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html" - }, - { - "name" : "openSUSE-SU-2015:1390", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html" - }, - { - "name" : "SUSE-SU-2015:1449", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html" - }, - { - "name" : "SUSE-SU-2015:1528", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html" - }, - { - "name" : "SUSE-SU-2015:1380", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00010.html" - }, - { - "name" : "USN-2707-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2707-1" - }, - { - "name" : "76249", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76249" - }, - { - "name" : "1033216", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033216" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1179262", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1179262" + }, + { + "name": "SUSE-SU-2015:1379", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00009.html" + }, + { + "name": "SUSE-SU-2015:1380", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00010.html" + }, + { + "name": "76249", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76249" + }, + { + "name": "37772", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/37772/" + }, + { + "name": "RHSA-2015:1581", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1581.html" + }, + { + "name": "GLSA-201512-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201512-10" + }, + { + "name": "openSUSE-SU-2015:1389", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html" + }, + { + "name": "USN-2707-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2707-1" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "SUSE-SU-2015:1528", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1178058", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1178058" + }, + { + "name": "https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild/", + "refsource": "CONFIRM", + "url": "https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild/" + }, + { + "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-78.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-78.html" + }, + { + "name": "1033216", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033216" + }, + { + "name": "SUSE-SU-2015:1449", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html" + }, + { + "name": "openSUSE-SU-2015:1390", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4601.json b/2015/4xxx/CVE-2015-4601.json index aa864a9fdb1..43e8a007297 100644 --- a/2015/4xxx/CVE-2015-4601.json +++ b/2015/4xxx/CVE-2015-4601.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4601", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP before 5.6.7 might allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to \"type confusion\" issues in (1) ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and (3) ext/soap/soap.c, a different issue than CVE-2015-4600." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-4601", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150616 Re: CVE Request: various issues in PHP", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/06/16/12" - }, - { - "name" : "http://git.php.net/?p=php-src.git;a=commit;h=0c136a2abd49298b66acb0cad504f0f972f5bfe8", - "refsource" : "CONFIRM", - "url" : "http://git.php.net/?p=php-src.git;a=commit;h=0c136a2abd49298b66acb0cad504f0f972f5bfe8" - }, - { - "name" : "http://php.net/ChangeLog-5.php", - "refsource" : "CONFIRM", - "url" : "http://php.net/ChangeLog-5.php" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" - }, - { - "name" : "RHSA-2015:1135", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1135.html" - }, - { - "name" : "RHSA-2015:1218", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1218.html" - }, - { - "name" : "75246", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75246" - }, - { - "name" : "1032709", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032709" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP before 5.6.7 might allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to \"type confusion\" issues in (1) ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and (3) ext/soap/soap.c, a different issue than CVE-2015-4600." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032709", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032709" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" + }, + { + "name": "http://php.net/ChangeLog-5.php", + "refsource": "CONFIRM", + "url": "http://php.net/ChangeLog-5.php" + }, + { + "name": "http://git.php.net/?p=php-src.git;a=commit;h=0c136a2abd49298b66acb0cad504f0f972f5bfe8", + "refsource": "CONFIRM", + "url": "http://git.php.net/?p=php-src.git;a=commit;h=0c136a2abd49298b66acb0cad504f0f972f5bfe8" + }, + { + "name": "75246", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75246" + }, + { + "name": "[oss-security] 20150616 Re: CVE Request: various issues in PHP", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/06/16/12" + }, + { + "name": "RHSA-2015:1135", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1135.html" + }, + { + "name": "RHSA-2015:1218", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1218.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4718.json b/2015/4xxx/CVE-2015-4718.json index 507766f320c..7440f677d50 100644 --- a/2015/4xxx/CVE-2015-4718.json +++ b/2015/4xxx/CVE-2015-4718.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4718", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The external SMB storage driver in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 allows remote authenticated users to execute arbitrary SMB commands via a ; (semicolon) character in a file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4718", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://owncloud.org/security/advisory/?id=oc-sa-2015-008", - "refsource" : "CONFIRM", - "url" : "https://owncloud.org/security/advisory/?id=oc-sa-2015-008" - }, - { - "name" : "DSA-3373", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3373" - }, - { - "name" : "76162", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76162" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The external SMB storage driver in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 allows remote authenticated users to execute arbitrary SMB commands via a ; (semicolon) character in a file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3373", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3373" + }, + { + "name": "76162", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76162" + }, + { + "name": "https://owncloud.org/security/advisory/?id=oc-sa-2015-008", + "refsource": "CONFIRM", + "url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-008" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8118.json b/2015/8xxx/CVE-2015-8118.json index 3f6f22bb9a0..f32da413234 100644 --- a/2015/8xxx/CVE-2015-8118.json +++ b/2015/8xxx/CVE-2015-8118.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8118", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-8118", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8425.json b/2015/8xxx/CVE-2015-8425.json index 315e24f759b..da74191a308 100644 --- a/2015/8xxx/CVE-2015-8425.json +++ b/2015/8xxx/CVE-2015-8425.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8425", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-8425", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "39049", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/39049/" - }, - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" - }, - { - "name" : "GLSA-201601-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201601-03" - }, - { - "name" : "SUSE-SU-2015:2236", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00007.html" - }, - { - "name" : "SUSE-SU-2015:2247", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00012.html" - }, - { - "name" : "openSUSE-SU-2015:2239", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00008.html" - }, - { - "name" : "78715", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/78715" - }, - { - "name" : "1034318", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034318" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2015:2239", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00008.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html" + }, + { + "name": "39049", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/39049/" + }, + { + "name": "78715", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/78715" + }, + { + "name": "SUSE-SU-2015:2236", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00007.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" + }, + { + "name": "SUSE-SU-2015:2247", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00012.html" + }, + { + "name": "1034318", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034318" + }, + { + "name": "GLSA-201601-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201601-03" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8768.json b/2015/8xxx/CVE-2015-8768.json index 0f283fa1de9..49b99c2694e 100644 --- a/2015/8xxx/CVE-2015-8768.json +++ b/2015/8xxx/CVE-2015-8768.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8768", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "click/install.py in click does not require files in package filesystem tarballs to start with ./ (dot slash), which allows remote attackers to install an alternate security policy and gain privileges via a crafted package, as demonstrated by the test.mmrow app for Ubuntu phone." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8768", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160112 Re: CVE Request: click", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/01/12/8" - }, - { - "name" : "https://plus.google.com/+SzymonWaliczek/posts/3jbG2uiAniF", - "refsource" : "MISC", - "url" : "https://plus.google.com/+SzymonWaliczek/posts/3jbG2uiAniF" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/click/+bug/1506467", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ubuntu/+source/click/+bug/1506467" - }, - { - "name" : "https://code.launchpad.net/~cjwatson/click/audit-missing-dot-slash/+merge/274554", - "refsource" : "CONFIRM", - "url" : "https://code.launchpad.net/~cjwatson/click/audit-missing-dot-slash/+merge/274554" - }, - { - "name" : "http://bazaar.launchpad.net/~click-hackers/click/devel/revision/587", - "refsource" : "CONFIRM", - "url" : "http://bazaar.launchpad.net/~click-hackers/click/devel/revision/587" - }, - { - "name" : "https://insights.ubuntu.com/2015/10/15/update-on-ubuntu-phone-security-issue/", - "refsource" : "CONFIRM", - "url" : "https://insights.ubuntu.com/2015/10/15/update-on-ubuntu-phone-security-issue/" - }, - { - "name" : "USN-2771-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-2771-1" - }, - { - "name" : "96386", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96386" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "click/install.py in click does not require files in package filesystem tarballs to start with ./ (dot slash), which allows remote attackers to install an alternate security policy and gain privileges via a crafted package, as demonstrated by the test.mmrow app for Ubuntu phone." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2771-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-2771-1" + }, + { + "name": "96386", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96386" + }, + { + "name": "http://bazaar.launchpad.net/~click-hackers/click/devel/revision/587", + "refsource": "CONFIRM", + "url": "http://bazaar.launchpad.net/~click-hackers/click/devel/revision/587" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/+source/click/+bug/1506467", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ubuntu/+source/click/+bug/1506467" + }, + { + "name": "https://insights.ubuntu.com/2015/10/15/update-on-ubuntu-phone-security-issue/", + "refsource": "CONFIRM", + "url": "https://insights.ubuntu.com/2015/10/15/update-on-ubuntu-phone-security-issue/" + }, + { + "name": "https://code.launchpad.net/~cjwatson/click/audit-missing-dot-slash/+merge/274554", + "refsource": "CONFIRM", + "url": "https://code.launchpad.net/~cjwatson/click/audit-missing-dot-slash/+merge/274554" + }, + { + "name": "[oss-security] 20160112 Re: CVE Request: click", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/01/12/8" + }, + { + "name": "https://plus.google.com/+SzymonWaliczek/posts/3jbG2uiAniF", + "refsource": "MISC", + "url": "https://plus.google.com/+SzymonWaliczek/posts/3jbG2uiAniF" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8828.json b/2015/8xxx/CVE-2015-8828.json index 0781ed3172d..31f3bf6b0de 100644 --- a/2015/8xxx/CVE-2015-8828.json +++ b/2015/8xxx/CVE-2015-8828.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8828", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-8828", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8889.json b/2015/8xxx/CVE-2015-8889.json index d2d7bea413b..43288891c40 100644 --- a/2015/8xxx/CVE-2015-8889.json +++ b/2015/8xxx/CVE-2015-8889.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8889", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The aboot implementation in the Qualcomm components in Android before 2016-07-05 on Nexus 6P devices omits the recovery PIN feature, which has unspecified impact and attack vectors, aka Android internal bug 28822677 and Qualcomm internal bug CR804067." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2015-8889", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-07-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-07-01.html" - }, - { - "name" : "https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=fa774e023554427ee14d7a49181e9d4afbec035e", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=fa774e023554427ee14d7a49181e9d4afbec035e" - }, - { - "name" : "91628", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91628" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The aboot implementation in the Qualcomm components in Android before 2016-07-05 on Nexus 6P devices omits the recovery PIN feature, which has unspecified impact and attack vectors, aka Android internal bug 28822677 and Qualcomm internal bug CR804067." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=fa774e023554427ee14d7a49181e9d4afbec035e", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=fa774e023554427ee14d7a49181e9d4afbec035e" + }, + { + "name": "91628", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91628" + }, + { + "name": "http://source.android.com/security/bulletin/2016-07-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-07-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/9xxx/CVE-2015-9004.json b/2015/9xxx/CVE-2015-9004.json index 6f9033e2a27..4232784e341 100644 --- a/2015/9xxx/CVE-2015-9004.json +++ b/2015/9xxx/CVE-2015-9004.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2015-9004", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "kernel/events/core.c in the Linux kernel before 3.19 mishandles counter grouping, which allows local users to gain privileges via a crafted application, related to the perf_pmu_register and perf_event_open functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2015-9004", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c3c87e770458aa004bd7ed3f29945ff436fd6511", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c3c87e770458aa004bd7ed3f29945ff436fd6511" - }, - { - "name" : "https://github.com/torvalds/linux/commit/c3c87e770458aa004bd7ed3f29945ff436fd6511", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/c3c87e770458aa004bd7ed3f29945ff436fd6511" - }, - { - "name" : "https://source.android.com/security/bulletin/2017-05-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-05-01" - }, - { - "name" : "98166", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98166" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "kernel/events/core.c in the Linux kernel before 3.19 mishandles counter grouping, which allows local users to gain privileges via a crafted application, related to the perf_pmu_register and perf_event_open functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-05-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-05-01" + }, + { + "name": "https://github.com/torvalds/linux/commit/c3c87e770458aa004bd7ed3f29945ff436fd6511", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/c3c87e770458aa004bd7ed3f29945ff436fd6511" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c3c87e770458aa004bd7ed3f29945ff436fd6511", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c3c87e770458aa004bd7ed3f29945ff436fd6511" + }, + { + "name": "98166", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98166" + } + ] + } +} \ No newline at end of file diff --git a/2015/9xxx/CVE-2015-9036.json b/2015/9xxx/CVE-2015-9036.json index 6787703df15..b7e2b418434 100644 --- a/2015/9xxx/CVE-2015-9036.json +++ b/2015/9xxx/CVE-2015-9036.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2017-07-01T00:00:00", - "ID" : "CVE-2015-9036", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "All Qualcomm products", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all Qualcomm products with Android releases from CAF using the Linux kernel, an incorrect length is used to clear a memory buffer resulting in adjacent memory getting corrupted." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Copy without Checking Size of Input in LTE" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2017-07-01T00:00:00", + "ID": "CVE-2015-9036", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "All Qualcomm products", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-07-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-07-01" - }, - { - "name" : "99467", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99467" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, an incorrect length is used to clear a memory buffer resulting in adjacent memory getting corrupted." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Copy without Checking Size of Input in LTE" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-07-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-07-01" + }, + { + "name": "99467", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99467" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5840.json b/2016/5xxx/CVE-2016-5840.json index e8ba7a316bb..b99eb8bd214 100644 --- a/2016/5xxx/CVE-2016-5840.json +++ b/2016/5xxx/CVE-2016-5840.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5840", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename parameter of the Content-Disposition header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-5840", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40180", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40180/" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-373", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-373" - }, - { - "name" : "http://esupport.trendmicro.com/solution/en-US/1114281.aspx", - "refsource" : "CONFIRM", - "url" : "http://esupport.trendmicro.com/solution/en-US/1114281.aspx" - }, - { - "name" : "JVN#55428526", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN55428526/index.html" - }, - { - "name" : "JVNDB-2016-000103", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000103.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename parameter of the Content-Disposition header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-373", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-373" + }, + { + "name": "JVNDB-2016-000103", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000103.html" + }, + { + "name": "JVN#55428526", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN55428526/index.html" + }, + { + "name": "40180", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40180/" + }, + { + "name": "http://esupport.trendmicro.com/solution/en-US/1114281.aspx", + "refsource": "CONFIRM", + "url": "http://esupport.trendmicro.com/solution/en-US/1114281.aspx" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5949.json b/2016/5xxx/CVE-2016-5949.json index 5a515b750bb..5dcf1cd818a 100644 --- a/2016/5xxx/CVE-2016-5949.json +++ b/2016/5xxx/CVE-2016-5949.json @@ -1,94 +1,94 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-5949", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Kenexa LCMS Premier on Cloud", - "version" : { - "version_data" : [ - { - "version_value" : "9.0" - }, - { - "version_value" : "9.1" - }, - { - "version_value" : "9.2" - }, - { - "version_value" : "9.2.1" - }, - { - "version_value" : "9.3.0" - }, - { - "version_value" : "9.4.0" - }, - { - "version_value" : "9.5.0" - }, - { - "version_value" : "10.0.0" - }, - { - "version_value" : "10.1.0" - }, - { - "version_value" : "10.2.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Kenexa LCMS Premier on Cloud could allow an authenticated user to obtain sensitive user data with a specially crafted HTTP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-5949", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Kenexa LCMS Premier on Cloud", + "version": { + "version_data": [ + { + "version_value": "9.0" + }, + { + "version_value": "9.1" + }, + { + "version_value": "9.2" + }, + { + "version_value": "9.2.1" + }, + { + "version_value": "9.3.0" + }, + { + "version_value": "9.4.0" + }, + { + "version_value": "9.5.0" + }, + { + "version_value": "10.0.0" + }, + { + "version_value": "10.1.0" + }, + { + "version_value": "10.2.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21992276", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21992276" - }, - { - "name" : "93559", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93559" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Kenexa LCMS Premier on Cloud could allow an authenticated user to obtain sensitive user data with a specially crafted HTTP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93559", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93559" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21992276", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21992276" + } + ] + } +} \ No newline at end of file diff --git a/2018/1002xxx/CVE-2018-1002150.json b/2018/1002xxx/CVE-2018-1002150.json index 5704b789f33..7ca73df94cd 100644 --- a/2018/1002xxx/CVE-2018-1002150.json +++ b/2018/1002xxx/CVE-2018-1002150.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "ID" : "CVE-2018-1002150", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Koji version 1.12, 1.13, 1.14 and 1.15 contain an incorrect access control vulnerability resulting in arbitrary filesystem read/write access. This vulnerability has been fixed in versions 1.12.1, 1.13.1, 1.14.1 and 1.15.1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "patrick@puiterwijk.org", + "ID": "CVE-2018-1002150", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.pagure.org/koji/CVE-2018-1002150/", - "refsource" : "CONFIRM", - "url" : "https://docs.pagure.org/koji/CVE-2018-1002150/" - }, - { - "name" : "https://pagure.io/koji/issue/850", - "refsource" : "CONFIRM", - "url" : "https://pagure.io/koji/issue/850" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Koji version 1.12, 1.13, 1.14 and 1.15 contain an incorrect access control vulnerability resulting in arbitrary filesystem read/write access. This vulnerability has been fixed in versions 1.12.1, 1.13.1, 1.14.1 and 1.15.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://docs.pagure.org/koji/CVE-2018-1002150/", + "refsource": "CONFIRM", + "url": "https://docs.pagure.org/koji/CVE-2018-1002150/" + }, + { + "name": "https://pagure.io/koji/issue/850", + "refsource": "CONFIRM", + "url": "https://pagure.io/koji/issue/850" + } + ] + } +} \ No newline at end of file diff --git a/2018/1999xxx/CVE-2018-1999002.json b/2018/1999xxx/CVE-2018-1999002.json index 12ef56dff43..267c61f19c0 100644 --- a/2018/1999xxx/CVE-2018-1999002.json +++ b/2018/1999xxx/CVE-2018-1999002.json @@ -1,70 +1,70 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-07-18T10:18:03.882424", - "DATE_REQUESTED" : "2018-07-18T00:00:00", - "ID" : "CVE-2018-1999002", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins", - "version" : { - "version_data" : [ - { - "version_value" : "2.132 and earlier, 2.121.1 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins master has access to." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-07-18T10:18:03.882424", + "DATE_REQUESTED": "2018-07-18T00:00:00", + "ID": "CVE-2018-1999002", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "46453", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/46453/" - }, - { - "name" : "https://jenkins.io/security/advisory/2018-07-18/#SECURITY-914", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2018-07-18/#SECURITY-914" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins master has access to." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "46453", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/46453/" + }, + { + "name": "https://jenkins.io/security/advisory/2018-07-18/#SECURITY-914", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2018-07-18/#SECURITY-914" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2225.json b/2018/2xxx/CVE-2018-2225.json index 454cfb5a169..38d600b220c 100644 --- a/2018/2xxx/CVE-2018-2225.json +++ b/2018/2xxx/CVE-2018-2225.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2225", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2225", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2285.json b/2018/2xxx/CVE-2018-2285.json index a51d989734b..3ccc17c69f4 100644 --- a/2018/2xxx/CVE-2018-2285.json +++ b/2018/2xxx/CVE-2018-2285.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2285", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2285", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2306.json b/2018/2xxx/CVE-2018-2306.json index 0e941c9218f..b751f594808 100644 --- a/2018/2xxx/CVE-2018-2306.json +++ b/2018/2xxx/CVE-2018-2306.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2306", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2306", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2521.json b/2018/2xxx/CVE-2018-2521.json index 4a277a37945..fd8e2ebb739 100644 --- a/2018/2xxx/CVE-2018-2521.json +++ b/2018/2xxx/CVE-2018-2521.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2521", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-2521", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2606.json b/2018/2xxx/CVE-2018-2606.json index d5e9aee261c..8506ac6dea3 100644 --- a/2018/2xxx/CVE-2018-2606.json +++ b/2018/2xxx/CVE-2018-2606.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2606", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Hospitality Guest Access", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "4.2.0" - }, - { - "version_affected" : "=", - "version_value" : "4.2.1" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Supported versions that are affected are 4.2.0 and 4.2.1. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Guest Access executes to compromise Oracle Hospitality Guest Access. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Guest Access accessible data. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Guest Access executes to compromise Oracle Hospitality Guest Access. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Guest Access accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2606", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality Guest Access", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.2.0" + }, + { + "version_affected": "=", + "version_value": "4.2.1" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name" : "102579", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102579" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Supported versions that are affected are 4.2.0 and 4.2.1. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Guest Access executes to compromise Oracle Hospitality Guest Access. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Guest Access accessible data. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Guest Access executes to compromise Oracle Hospitality Guest Access. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Guest Access accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + }, + { + "name": "102579", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102579" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2617.json b/2018/2xxx/CVE-2018-2617.json index b748ace7f17..8e93daf2885 100644 --- a/2018/2xxx/CVE-2018-2617.json +++ b/2018/2xxx/CVE-2018-2617.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2617", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "OSS Support Tools", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "2.11.33" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the OSS Support Tools component of Oracle Support Tools (subcomponent: Diagnostic Assistant). The supported version that is affected is Prior to 2.11.33. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise OSS Support Tools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all OSS Support Tools accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise OSS Support Tools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all OSS Support Tools accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2617", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "OSS Support Tools", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "2.11.33" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name" : "102645", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102645" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the OSS Support Tools component of Oracle Support Tools (subcomponent: Diagnostic Assistant). The supported version that is affected is Prior to 2.11.33. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise OSS Support Tools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all OSS Support Tools accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise OSS Support Tools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all OSS Support Tools accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + }, + { + "name": "102645", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102645" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6207.json b/2018/6xxx/CVE-2018-6207.json index 53f83b51818..620ae50df5f 100644 --- a/2018/6xxx/CVE-2018-6207.json +++ b/2018/6xxx/CVE-2018-6207.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6207", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Max Secure Anti Virus 19.0.3.019,, the driver file (MaxProtector32.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220019." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6207", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/MaxSecureAntivirus_POC/tree/master/MaxProtector32_220019", - "refsource" : "MISC", - "url" : "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/MaxSecureAntivirus_POC/tree/master/MaxProtector32_220019" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Max Secure Anti Virus 19.0.3.019,, the driver file (MaxProtector32.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220019." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/MaxSecureAntivirus_POC/tree/master/MaxProtector32_220019", + "refsource": "MISC", + "url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/MaxSecureAntivirus_POC/tree/master/MaxProtector32_220019" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6487.json b/2018/6xxx/CVE-2018-6487.json index 97fc9f14907..4bce58c1e8d 100644 --- a/2018/6xxx/CVE-2018-6487.json +++ b/2018/6xxx/CVE-2018-6487.json @@ -1,89 +1,89 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@microfocus.com", - "DATE_PUBLIC" : "2018-02-20T17:00:00.000Z", - "ID" : "CVE-2018-6487", - "STATE" : "PUBLIC", - "TITLE" : "MFSBGN03799 rev.1 - Micro Focus UCMDB, Remote Disclosure of Information" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Universal CMDB Foundation Software", - "version" : { - "version_data" : [ - { - "version_value" : "10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 4.10, 4.11" - } - ] - } - } - ] - }, - "vendor_name" : "Micro Focus" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Remote Disclosure of Information in Micro Focus Universal CMDB Foundation Software, version numbers 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 4.10, 4.11. This vulnerability could be remotely exploited to allow disclosure of information." - } - ] - }, - "exploit" : [ - { - "lang" : "eng", - "value" : "Remote Disclosure of Information" - } - ], - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "HIGH", - "baseScore" : 9.8, - "baseSeverity" : "CRITICAL", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "HIGH", - "privilegesRequired" : "NONE", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Disclosure of Information" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "DATE_PUBLIC": "2018-02-20T17:00:00.000Z", + "ID": "CVE-2018-6487", + "STATE": "PUBLIC", + "TITLE": "MFSBGN03799 rev.1 - Micro Focus UCMDB, Remote Disclosure of Information" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Universal CMDB Foundation Software", + "version": { + "version_data": [ + { + "version_value": "10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 4.10, 4.11" + } + ] + } + } + ] + }, + "vendor_name": "Micro Focus" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03091097", - "refsource" : "CONFIRM", - "url" : "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03091097" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Remote Disclosure of Information in Micro Focus Universal CMDB Foundation Software, version numbers 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 4.10, 4.11. This vulnerability could be remotely exploited to allow disclosure of information." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "Remote Disclosure of Information" + } + ], + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Disclosure of Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03091097", + "refsource": "CONFIRM", + "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03091097" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6532.json b/2018/6xxx/CVE-2018-6532.json index 3c9333bef3f..88ce5b3ff85 100644 --- a/2018/6xxx/CVE-2018-6532.json +++ b/2018/6xxx/CVE-2018-6532.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6532", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted (authenticated and unauthenticated) requests, an attacker can exhaust a lot of memory on the server side, triggering the OOM killer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6532", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Icinga/icinga2/pull/6103", - "refsource" : "CONFIRM", - "url" : "https://github.com/Icinga/icinga2/pull/6103" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted (authenticated and unauthenticated) requests, an attacker can exhaust a lot of memory on the server side, triggering the OOM killer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Icinga/icinga2/pull/6103", + "refsource": "CONFIRM", + "url": "https://github.com/Icinga/icinga2/pull/6103" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6542.json b/2018/6xxx/CVE-2018-6542.json index dc12c9ba7bb..b84095f2ada 100644 --- a/2018/6xxx/CVE-2018-6542.json +++ b/2018/6xxx/CVE-2018-6542.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6542", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In ZZIPlib 0.13.67, there is a bus error (when handling a disk64_trailer seek value) caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6542", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/gdraheim/zziplib/issues/17", - "refsource" : "MISC", - "url" : "https://github.com/gdraheim/zziplib/issues/17" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In ZZIPlib 0.13.67, there is a bus error (when handling a disk64_trailer seek value) caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/gdraheim/zziplib/issues/17", + "refsource": "MISC", + "url": "https://github.com/gdraheim/zziplib/issues/17" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6593.json b/2018/6xxx/CVE-2018-6593.json index f52738f6eaa..993aaafcbae 100644 --- a/2018/6xxx/CVE-2018-6593.json +++ b/2018/6xxx/CVE-2018-6593.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6593", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in MalwareFox AntiMalware 2.74.0.150. Improper access control in zam32.sys and zam64.sys allows a non-privileged process to register itself with the driver by connecting to the filter communication port and then using IOCTL 0x8000204C to \\\\.\\ZemanaAntiMalware to elevate privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6593", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43973", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43973/" - }, - { - "name" : "https://github.com/SouhailHammou/Exploits/blob/master/CVE-2018-6593/Malwarefox_privescl_0.c", - "refsource" : "MISC", - "url" : "https://github.com/SouhailHammou/Exploits/blob/master/CVE-2018-6593/Malwarefox_privescl_0.c" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in MalwareFox AntiMalware 2.74.0.150. Improper access control in zam32.sys and zam64.sys allows a non-privileged process to register itself with the driver by connecting to the filter communication port and then using IOCTL 0x8000204C to \\\\.\\ZemanaAntiMalware to elevate privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43973", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43973/" + }, + { + "name": "https://github.com/SouhailHammou/Exploits/blob/master/CVE-2018-6593/Malwarefox_privescl_0.c", + "refsource": "MISC", + "url": "https://github.com/SouhailHammou/Exploits/blob/master/CVE-2018-6593/Malwarefox_privescl_0.c" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6838.json b/2018/6xxx/CVE-2018-6838.json index b637f3beece..e1192a59c3b 100644 --- a/2018/6xxx/CVE-2018-6838.json +++ b/2018/6xxx/CVE-2018-6838.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6838", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6838", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7094.json b/2018/7xxx/CVE-2018-7094.json index 62801af4d83..42236150a28 100644 --- a/2018/7xxx/CVE-2018-7094.json +++ b/2018/7xxx/CVE-2018-7094.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "ID" : "CVE-2018-7094", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "HPE 3PAR Service Processors", - "version" : { - "version_data" : [ - { - "version_value" : "SP-5.0.0.0-22913(GA)" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-5.0.0.0-22913(GA). The vulnerability may be exploited locally to allow disclosure of privileged information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Local Disclosure of Privileged Information" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "ID": "CVE-2018-7094", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HPE 3PAR Service Processors", + "version": { + "version_data": [ + { + "version_value": "SP-5.0.0.0-22913(GA)" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03870en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03870en_us" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-5.0.0.0-22913(GA). The vulnerability may be exploited locally to allow disclosure of privileged information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Local Disclosure of Privileged Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03870en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03870en_us" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7197.json b/2018/7xxx/CVE-2018-7197.json index 935b85992a5..d39f454190b 100644 --- a/2018/7xxx/CVE-2018-7197.json +++ b/2018/7xxx/CVE-2018-7197.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7197", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Pluck through 4.7.4. A stored cross-site scripting (XSS) vulnerability allows remote unauthenticated users to inject arbitrary web script or HTML into admin/blog Reaction Comments via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7197", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/pluck-cms/pluck/issues/47", - "refsource" : "MISC", - "url" : "https://github.com/pluck-cms/pluck/issues/47" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Pluck through 4.7.4. A stored cross-site scripting (XSS) vulnerability allows remote unauthenticated users to inject arbitrary web script or HTML into admin/blog Reaction Comments via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/pluck-cms/pluck/issues/47", + "refsource": "MISC", + "url": "https://github.com/pluck-cms/pluck/issues/47" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7378.json b/2018/7xxx/CVE-2018-7378.json index 59e1891a0a9..fa9567fa40c 100644 --- a/2018/7xxx/CVE-2018-7378.json +++ b/2018/7xxx/CVE-2018-7378.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7378", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7378", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7473.json b/2018/7xxx/CVE-2018-7473.json index bc0bffdedb9..74ee6beb028 100644 --- a/2018/7xxx/CVE-2018-7473.json +++ b/2018/7xxx/CVE-2018-7473.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7473", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in the SO Connect SO WIFI hotspot web interface, prior to version 140, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7473", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.redyops.com/cve-2018-7473-open-url-redirection-vulnerability/", - "refsource" : "MISC", - "url" : "https://blog.redyops.com/cve-2018-7473-open-url-redirection-vulnerability/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in the SO Connect SO WIFI hotspot web interface, prior to version 140, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blog.redyops.com/cve-2018-7473-open-url-redirection-vulnerability/", + "refsource": "MISC", + "url": "https://blog.redyops.com/cve-2018-7473-open-url-redirection-vulnerability/" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7674.json b/2018/7xxx/CVE-2018-7674.json index c2b70c82457..66ceaee5266 100644 --- a/2018/7xxx/CVE-2018-7674.json +++ b/2018/7xxx/CVE-2018-7674.json @@ -1,96 +1,96 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@microfocus.com", - "ID" : "CVE-2018-7674", - "STATE" : "PUBLIC", - "TITLE" : "IDM URL Redirection attack" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Identity Manager", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_name" : "Prior to 4.7", - "version_value" : "4.7" - } - ] - } - } - ] - }, - "vendor_name" : "NetIQ" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The NetIQ Identity Manager user console, in versions prior to 4.7, is susceptible to URL redirection." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "PHYSICAL", - "availabilityImpact" : "NONE", - "baseScore" : 2.1, - "baseSeverity" : "LOW", - "confidentialityImpact" : "NONE", - "integrityImpact" : "LOW", - "privilegesRequired" : "NONE", - "scope" : "UNCHANGED", - "userInteraction" : "REQUIRED", - "vectorString" : "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "The NetIQ Identity Manager user console, in versions prior to 4.7, is susceptible to URL redirection. " - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "ID": "CVE-2018-7674", + "STATE": "PUBLIC", + "TITLE": "IDM URL Redirection attack" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Identity Manager", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "Prior to 4.7", + "version_value": "4.7" + } + ] + } + } + ] + }, + "vendor_name": "NetIQ" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm47/data/releasenotes_idm47.html", - "refsource" : "CONFIRM", - "url" : "https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm47/data/releasenotes_idm47.html" - } - ] - }, - "solution" : [ - { - "lang" : "eng", - "value" : "Upgrade to NetIQ Identity Manager 4.7." - } - ], - "source" : { - "discovery" : "INTERNAL" - }, - "work_around" : [ - { - "lang" : "eng", - "value" : "Do not surf the web while running the Identity Manager console." - } - ] -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The NetIQ Identity Manager user console, in versions prior to 4.7, is susceptible to URL redirection." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "PHYSICAL", + "availabilityImpact": "NONE", + "baseScore": 2.1, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "The NetIQ Identity Manager user console, in versions prior to 4.7, is susceptible to URL redirection. " + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm47/data/releasenotes_idm47.html", + "refsource": "CONFIRM", + "url": "https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm47/data/releasenotes_idm47.html" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Upgrade to NetIQ Identity Manager 4.7." + } + ], + "source": { + "discovery": "INTERNAL" + }, + "work_around": [ + { + "lang": "eng", + "value": "Do not surf the web while running the Identity Manager console." + } + ] +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1466.json b/2019/1xxx/CVE-2019-1466.json index baf73aa40bd..2e3de2a25c9 100644 --- a/2019/1xxx/CVE-2019-1466.json +++ b/2019/1xxx/CVE-2019-1466.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1466", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1466", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1991.json b/2019/1xxx/CVE-2019-1991.json index d52e951324c..9db76b9975a 100644 --- a/2019/1xxx/CVE-2019-1991.json +++ b/2019/1xxx/CVE-2019-1991.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2019-02-04T00:00:00", - "ID" : "CVE-2019-1991", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9" - } - ] - } - } - ] - }, - "vendor_name" : "Android" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In btif_dm_data_copy of btif_core.cc, there is a possible out of bounds write due to a buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-110166268." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2019-02-04T00:00:00", + "ID": "CVE-2019-1991", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9" + } + ] + } + } + ] + }, + "vendor_name": "Android" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2019-02-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2019-02-01" - }, - { - "name" : "106946", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106946" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In btif_dm_data_copy of btif_core.cc, there is a possible out of bounds write due to a buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-110166268." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2019-02-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2019-02-01" + }, + { + "name": "106946", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106946" + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5100.json b/2019/5xxx/CVE-2019-5100.json index c1c4fa802cd..35e32e8d924 100644 --- a/2019/5xxx/CVE-2019-5100.json +++ b/2019/5xxx/CVE-2019-5100.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5100", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5100", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5309.json b/2019/5xxx/CVE-2019-5309.json index 000e1bcf6a6..1e057b9eb57 100644 --- a/2019/5xxx/CVE-2019-5309.json +++ b/2019/5xxx/CVE-2019-5309.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5309", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5309", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5587.json b/2019/5xxx/CVE-2019-5587.json index cd916443bd3..ab29952141c 100644 --- a/2019/5xxx/CVE-2019-5587.json +++ b/2019/5xxx/CVE-2019-5587.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5587", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5587", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5716.json b/2019/5xxx/CVE-2019-5716.json index 7f71ae72004..04c5d5e7778 100644 --- a/2019/5xxx/CVE-2019-5716.json +++ b/2019/5xxx/CVE-2019-5716.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5716", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Wireshark 2.6.0 to 2.6.5, the 6LoWPAN dissector could crash. This was addressed in epan/dissectors/packet-6lowpan.c by avoiding use of a TVB before its creation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5716", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20190128 [SECURITY] [DLA 1645-1] wireshark security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00022.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15217", - "refsource" : "MISC", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15217" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2b2eea1793dbff813896e1ae9dff1bedb39ee010", - "refsource" : "MISC", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2b2eea1793dbff813896e1ae9dff1bedb39ee010" - }, - { - "name" : "https://www.wireshark.org/security/wnpa-sec-2019-01.html", - "refsource" : "MISC", - "url" : "https://www.wireshark.org/security/wnpa-sec-2019-01.html" - }, - { - "name" : "106482", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106482" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Wireshark 2.6.0 to 2.6.5, the 6LoWPAN dissector could crash. This was addressed in epan/dissectors/packet-6lowpan.c by avoiding use of a TVB before its creation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20190128 [SECURITY] [DLA 1645-1] wireshark security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00022.html" + }, + { + "name": "106482", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106482" + }, + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2b2eea1793dbff813896e1ae9dff1bedb39ee010", + "refsource": "MISC", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2b2eea1793dbff813896e1ae9dff1bedb39ee010" + }, + { + "name": "https://www.wireshark.org/security/wnpa-sec-2019-01.html", + "refsource": "MISC", + "url": "https://www.wireshark.org/security/wnpa-sec-2019-01.html" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15217", + "refsource": "MISC", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15217" + } + ] + } +} \ No newline at end of file