From 31d1eda3cf18208312e07d2f425e424316ea3ba5 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 22:09:19 +0000 Subject: [PATCH] "-Synchronized-Data." --- 1999/0xxx/CVE-1999-0327.json | 120 ++++++------- 1999/0xxx/CVE-1999-0395.json | 120 ++++++------- 1999/1xxx/CVE-1999-1167.json | 140 +++++++-------- 2000/1xxx/CVE-2000-1197.json | 140 +++++++-------- 2005/2xxx/CVE-2005-2211.json | 130 +++++++------- 2007/5xxx/CVE-2007-5177.json | 150 ++++++++-------- 2007/5xxx/CVE-2007-5363.json | 150 ++++++++-------- 2007/5xxx/CVE-2007-5684.json | 130 +++++++------- 2009/2xxx/CVE-2009-2282.json | 160 ++++++++--------- 2009/2xxx/CVE-2009-2785.json | 170 +++++++++--------- 2015/0xxx/CVE-2015-0106.json | 130 +++++++------- 2015/0xxx/CVE-2015-0819.json | 200 ++++++++++----------- 2015/3xxx/CVE-2015-3499.json | 34 ++-- 2015/3xxx/CVE-2015-3511.json | 34 ++-- 2015/4xxx/CVE-2015-4092.json | 150 ++++++++-------- 2015/4xxx/CVE-2015-4093.json | 150 ++++++++-------- 2015/4xxx/CVE-2015-4108.json | 170 +++++++++--------- 2015/4xxx/CVE-2015-4212.json | 140 +++++++-------- 2015/4xxx/CVE-2015-4392.json | 150 ++++++++-------- 2015/4xxx/CVE-2015-4527.json | 130 +++++++------- 2015/8xxx/CVE-2015-8300.json | 140 +++++++-------- 2016/1xxx/CVE-2016-1300.json | 120 ++++++------- 2016/5xxx/CVE-2016-5147.json | 280 ++++++++++++++--------------- 2016/5xxx/CVE-2016-5271.json | 160 ++++++++--------- 2016/5xxx/CVE-2016-5536.json | 140 +++++++-------- 2018/1999xxx/CVE-2018-1999033.json | 126 ++++++------- 2018/6xxx/CVE-2018-6179.json | 172 +++++++++--------- 2018/6xxx/CVE-2018-6554.json | 243 +++++++++++++------------ 2019/0xxx/CVE-2019-0564.json | 140 +++++++-------- 2019/0xxx/CVE-2019-0681.json | 34 ++-- 2019/0xxx/CVE-2019-0932.json | 34 ++-- 2019/1xxx/CVE-2019-1506.json | 34 ++-- 2019/1xxx/CVE-2019-1561.json | 34 ++-- 2019/1xxx/CVE-2019-1563.json | 34 ++-- 2019/1xxx/CVE-2019-1617.json | 188 +++++++++---------- 2019/5xxx/CVE-2019-5809.json | 34 ++-- 2019/5xxx/CVE-2019-5817.json | 34 ++-- 2019/5xxx/CVE-2019-5842.json | 34 ++-- 38 files changed, 2342 insertions(+), 2337 deletions(-) diff --git a/1999/0xxx/CVE-1999-0327.json b/1999/0xxx/CVE-1999-0327.json index 28e5ddc2294..5146f1a1dac 100644 --- a/1999/0xxx/CVE-1999-0327.json +++ b/1999/0xxx/CVE-1999-0327.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0327", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SGI syserr program allows local users to corrupt files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0327", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19971103-01-PX", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/19971103-01-PX" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SGI syserr program allows local users to corrupt files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19971103-01-PX", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/19971103-01-PX" + } + ] + } +} \ No newline at end of file diff --git a/1999/0xxx/CVE-1999-0395.json b/1999/0xxx/CVE-1999-0395.json index f9f316981d8..1680833e04f 100644 --- a/1999/0xxx/CVE-1999-0395.json +++ b/1999/0xxx/CVE-1999-0395.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0395", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A race condition in the BackWeb Polite Agent Protocol allows an attacker to spoof a BackWeb server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0395", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19990118 Vulnerability in the BackWeb Polite Agent Protocol", - "refsource" : "ISS", - "url" : "http://xforce.iss.net/alerts/advise17.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A race condition in the BackWeb Polite Agent Protocol allows an attacker to spoof a BackWeb server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19990118 Vulnerability in the BackWeb Polite Agent Protocol", + "refsource": "ISS", + "url": "http://xforce.iss.net/alerts/advise17.php" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1167.json b/1999/1xxx/CVE-1999-1167.json index 59b2916e762..d04c1da27bd 100644 --- a/1999/1xxx/CVE-1999-1167.json +++ b/1999/1xxx/CVE-1999-1167.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1167", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in Third Voice Web annotation utility allows remote users to read sensitive data and generate fake web pages for other Third Voice users by injecting malicious Javascript into an annotation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1167", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.wired.com/news/technology/0,1282,20677,00.html", - "refsource" : "CONFIRM", - "url" : "http://www.wired.com/news/technology/0,1282,20677,00.html" - }, - { - "name" : "http://www.wired.com/news/technology/0,1282,20636,00.html", - "refsource" : "MISC", - "url" : "http://www.wired.com/news/technology/0,1282,20636,00.html" - }, - { - "name" : "thirdvoice-cross-site-scripting(7252)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7252.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in Third Voice Web annotation utility allows remote users to read sensitive data and generate fake web pages for other Third Voice users by injecting malicious Javascript into an annotation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "thirdvoice-cross-site-scripting(7252)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7252.php" + }, + { + "name": "http://www.wired.com/news/technology/0,1282,20636,00.html", + "refsource": "MISC", + "url": "http://www.wired.com/news/technology/0,1282,20636,00.html" + }, + { + "name": "http://www.wired.com/news/technology/0,1282,20677,00.html", + "refsource": "CONFIRM", + "url": "http://www.wired.com/news/technology/0,1282,20677,00.html" + } + ] + } +} \ No newline at end of file diff --git a/2000/1xxx/CVE-2000-1197.json b/2000/1xxx/CVE-2000-1197.json index e7835bf6e1c..4ca6bd4337c 100644 --- a/2000/1xxx/CVE-2000-1197.json +++ b/2000/1xxx/CVE-2000-1197.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-1197", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and other operating systems creates lock files with predictable names, which allows local users to cause a denial of service (lack of mail access) for other users by creating lock files for other mail boxes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-1197", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000420 pop3d/imap DOS (while we're on the subject)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=95624629924545&w=2" - }, - { - "name" : "FreeBSD-SA-00:15", - "refsource" : "FREEBSD", - "url" : "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:15.imap-uw.asc" - }, - { - "name" : "1132", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1132" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and other operating systems creates lock files with predictable names, which allows local users to cause a denial of service (lack of mail access) for other users by creating lock files for other mail boxes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FreeBSD-SA-00:15", + "refsource": "FREEBSD", + "url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:15.imap-uw.asc" + }, + { + "name": "20000420 pop3d/imap DOS (while we're on the subject)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=95624629924545&w=2" + }, + { + "name": "1132", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1132" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2211.json b/2005/2xxx/CVE-2005-2211.json index 365274af11e..20dca4dd3fc 100644 --- a/2005/2xxx/CVE-2005-2211.json +++ b/2005/2xxx/CVE-2005-2211.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2211", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Backup Manager 0.5.8a creates temporary files insecurely, which allows local users to conduct unauthorized file operations when a user is burning a CDR." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2211", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.sukria.net/packages/backup-manager/", - "refsource" : "CONFIRM", - "url" : "http://www.sukria.net/packages/backup-manager/" - }, - { - "name" : "15989", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15989" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Backup Manager 0.5.8a creates temporary files insecurely, which allows local users to conduct unauthorized file operations when a user is burning a CDR." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15989", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15989" + }, + { + "name": "http://www.sukria.net/packages/backup-manager/", + "refsource": "CONFIRM", + "url": "http://www.sukria.net/packages/backup-manager/" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5177.json b/2007/5xxx/CVE-2007-5177.json index 2e1333348e8..6000b64c0d0 100644 --- a/2007/5xxx/CVE-2007-5177.json +++ b/2007/5xxx/CVE-2007-5177.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5177", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in the MambAds (com_mambads) 1.5 and earlier component for Mambo allows remote attackers to execute arbitrary SQL commands via the caid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5177", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4469", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4469" - }, - { - "name" : "25865", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25865" - }, - { - "name" : "38590", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38590" - }, - { - "name" : "mambo-mambads-index-sql-injection(36875)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36875" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in the MambAds (com_mambads) 1.5 and earlier component for Mambo allows remote attackers to execute arbitrary SQL commands via the caid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mambo-mambads-index-sql-injection(36875)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36875" + }, + { + "name": "25865", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25865" + }, + { + "name": "38590", + "refsource": "OSVDB", + "url": "http://osvdb.org/38590" + }, + { + "name": "4469", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4469" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5363.json b/2007/5xxx/CVE-2007-5363.json index 5608d6308a7..f823c2eb271 100644 --- a/2007/5xxx/CVE-2007-5363.json +++ b/2007/5xxx/CVE-2007-5363.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5363", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in admin.panoramic.php in the Panoramic Picture Viewer (com_panoramic) mambot (plugin) 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5363", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "25946", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25946" - }, - { - "name" : "ADV-2007-3428", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3428" - }, - { - "name" : "38585", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38585" - }, - { - "name" : "joomla-panoramic-file-include(36992)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36992" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in admin.panoramic.php in the Panoramic Picture Viewer (com_panoramic) mambot (plugin) 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "joomla-panoramic-file-include(36992)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36992" + }, + { + "name": "ADV-2007-3428", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3428" + }, + { + "name": "38585", + "refsource": "OSVDB", + "url": "http://osvdb.org/38585" + }, + { + "name": "25946", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25946" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5684.json b/2007/5xxx/CVE-2007-5684.json index 10162a37390..8b211dc5fb9 100644 --- a/2007/5xxx/CVE-2007-5684.json +++ b/2007/5xxx/CVE-2007-5684.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5684", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to include and execute arbitrary files via an absolute pathname in (1) error_handler_file and (2) local_php parameters to (a) tiki-index.php, or (3) encoded \"..%2F\" sequences in the imp_language parameter to tiki-imexport_languages.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5684", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071025 TikiWiki <= 1.9.8.1 Cross Site Scripting / Local File Inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/482801/30/0/threaded" - }, - { - "name" : "http://info.tikiwiki.org/tiki-read_article.php?articleId=15", - "refsource" : "CONFIRM", - "url" : "http://info.tikiwiki.org/tiki-read_article.php?articleId=15" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to include and execute arbitrary files via an absolute pathname in (1) error_handler_file and (2) local_php parameters to (a) tiki-index.php, or (3) encoded \"..%2F\" sequences in the imp_language parameter to tiki-imexport_languages.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://info.tikiwiki.org/tiki-read_article.php?articleId=15", + "refsource": "CONFIRM", + "url": "http://info.tikiwiki.org/tiki-read_article.php?articleId=15" + }, + { + "name": "20071025 TikiWiki <= 1.9.8.1 Cross Site Scripting / Local File Inclusion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/482801/30/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2282.json b/2009/2xxx/CVE-2009-2282.json index 57f0103776b..122ab99fbbe 100644 --- a/2009/2xxx/CVE-2009-2282.json +++ b/2009/2xxx/CVE-2009-2282.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2282", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Virtual Network Terminal Server daemon (vntsd) for Logical Domains (aka LDoms) in Sun Solaris 10, and OpenSolaris snv_41 through snv_108, on SPARC platforms does not check authorization for guest console access, which allows local control-domain users to gain guest-domain privileges via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2282", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141778-01-1", - "refsource" : "CONFIRM", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141778-01-1" - }, - { - "name" : "262708", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-262708-1" - }, - { - "name" : "35502", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35502" - }, - { - "name" : "55329", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/55329" - }, - { - "name" : "35547", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35547" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Virtual Network Terminal Server daemon (vntsd) for Logical Domains (aka LDoms) in Sun Solaris 10, and OpenSolaris snv_41 through snv_108, on SPARC platforms does not check authorization for guest console access, which allows local control-domain users to gain guest-domain privileges via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141778-01-1", + "refsource": "CONFIRM", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141778-01-1" + }, + { + "name": "262708", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-262708-1" + }, + { + "name": "35547", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35547" + }, + { + "name": "55329", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/55329" + }, + { + "name": "35502", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35502" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2785.json b/2009/2xxx/CVE-2009-2785.json index e8c7ff8197d..6e3804c881d 100644 --- a/2009/2xxx/CVE-2009-2785.json +++ b/2009/2xxx/CVE-2009-2785.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2785", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in PHP Open Classifieds Script allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to buy.php and the id parameter to (2) contact.php and (3) tellafriend.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2785", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0907-exploits/openclassifieds-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0907-exploits/openclassifieds-xss.txt" - }, - { - "name" : "56657", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/56657" - }, - { - "name" : "56658", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/56658" - }, - { - "name" : "56659", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/56659" - }, - { - "name" : "35929", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35929" - }, - { - "name" : "phpopenclassifieds-buy-contact-xss(52123)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52123" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in PHP Open Classifieds Script allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to buy.php and the id parameter to (2) contact.php and (3) tellafriend.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpopenclassifieds-buy-contact-xss(52123)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52123" + }, + { + "name": "56657", + "refsource": "OSVDB", + "url": "http://osvdb.org/56657" + }, + { + "name": "http://packetstormsecurity.org/0907-exploits/openclassifieds-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0907-exploits/openclassifieds-xss.txt" + }, + { + "name": "56659", + "refsource": "OSVDB", + "url": "http://osvdb.org/56659" + }, + { + "name": "56658", + "refsource": "OSVDB", + "url": "http://osvdb.org/56658" + }, + { + "name": "35929", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35929" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0106.json b/2015/0xxx/CVE-2015-0106.json index e862ffbf529..4952a5c7c88 100644 --- a/2015/0xxx/CVE-2015-0106.json +++ b/2015/0xxx/CVE-2015-0106.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0106", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-0106", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21694935", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21694935" - }, - { - "name" : "JR50795", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR50795" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21694935", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694935" + }, + { + "name": "JR50795", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR50795" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0819.json b/2015/0xxx/CVE-2015-0819.json index 8792309dae3..e86975346be 100644 --- a/2015/0xxx/CVE-2015-0819.json +++ b/2015/0xxx/CVE-2015-0819.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0819", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The UITour::onPageEvent function in Mozilla Firefox before 36.0 does not ensure that an API call originates from a foreground tab, which allows remote attackers to conduct spoofing and clickjacking attacks by leveraging access to a UI Tour web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2015-0819", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-26.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-26.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1079554", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1079554" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "GLSA-201504-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201504-01" - }, - { - "name" : "openSUSE-SU-2015:0404", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html" - }, - { - "name" : "openSUSE-SU-2015:0570", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-03/msg00067.html" - }, - { - "name" : "USN-2505-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2505-1" - }, - { - "name" : "72759", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72759" - }, - { - "name" : "1031791", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031791" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The UITour::onPageEvent function in Mozilla Firefox before 36.0 does not ensure that an API call originates from a foreground tab, which allows remote attackers to conduct spoofing and clickjacking attacks by leveraging access to a UI Tour web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-26.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-26.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1079554", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1079554" + }, + { + "name": "72759", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72759" + }, + { + "name": "GLSA-201504-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201504-01" + }, + { + "name": "openSUSE-SU-2015:0404", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "1031791", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031791" + }, + { + "name": "openSUSE-SU-2015:0570", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00067.html" + }, + { + "name": "USN-2505-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2505-1" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3499.json b/2015/3xxx/CVE-2015-3499.json index 666d4232f79..a1d583a5474 100644 --- a/2015/3xxx/CVE-2015-3499.json +++ b/2015/3xxx/CVE-2015-3499.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3499", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-3499", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3511.json b/2015/3xxx/CVE-2015-3511.json index 36fcf077936..8ed42d3d9a9 100644 --- a/2015/3xxx/CVE-2015-3511.json +++ b/2015/3xxx/CVE-2015-3511.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3511", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-3511", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4092.json b/2015/4xxx/CVE-2015-4092.json index a60881ec782..fbacfa5a111 100644 --- a/2015/4xxx/CVE-2015-4092.json +++ b/2015/4xxx/CVE-2015-4092.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4092", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the XComms process in SAP Afaria 7.00.6620.2 SP5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request, aka SAP Security Note 2153690." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4092", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150817 [ERPSCAN-15-012] SAP Afaria 7 XComms â?? Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/536238/100/0/threaded" - }, - { - "name" : "20150522 SAP Security Notes May 2015", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/May/96" - }, - { - "name" : "https://erpscan.io/advisories/erpscan-15-012-sap-afaria-7-xcomms-bof", - "refsource" : "MISC", - "url" : "https://erpscan.io/advisories/erpscan-15-012-sap-afaria-7-xcomms-bof" - }, - { - "name" : "74797", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74797" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the XComms process in SAP Afaria 7.00.6620.2 SP5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request, aka SAP Security Note 2153690." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://erpscan.io/advisories/erpscan-15-012-sap-afaria-7-xcomms-bof", + "refsource": "MISC", + "url": "https://erpscan.io/advisories/erpscan-15-012-sap-afaria-7-xcomms-bof" + }, + { + "name": "20150817 [ERPSCAN-15-012] SAP Afaria 7 XComms â?? Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/536238/100/0/threaded" + }, + { + "name": "20150522 SAP Security Notes May 2015", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/May/96" + }, + { + "name": "74797", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74797" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4093.json b/2015/4xxx/CVE-2015-4093.json index a98d8caa903..b2bcea27cc9 100644 --- a/2015/4xxx/CVE-2015-4093.json +++ b/2015/4xxx/CVE-2015-4093.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4093", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Elasticsearch Kibana 4.x before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4093", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150609 Kibana vulnerability CVE-2015-4093", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/535726/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/132232/Kibana-4.0.2-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/132232/Kibana-4.0.2-Cross-Site-Scripting.html" - }, - { - "name" : "https://www.elastic.co/community/security/", - "refsource" : "CONFIRM", - "url" : "https://www.elastic.co/community/security/" - }, - { - "name" : "75107", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75107" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Elasticsearch Kibana 4.x before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150609 Kibana vulnerability CVE-2015-4093", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/535726/100/0/threaded" + }, + { + "name": "75107", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75107" + }, + { + "name": "http://packetstormsecurity.com/files/132232/Kibana-4.0.2-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/132232/Kibana-4.0.2-Cross-Site-Scripting.html" + }, + { + "name": "https://www.elastic.co/community/security/", + "refsource": "CONFIRM", + "url": "https://www.elastic.co/community/security/" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4108.json b/2015/4xxx/CVE-2015-4108.json index fdeb4d479e9..4537951098a 100644 --- a/2015/4xxx/CVE-2015-4108.json +++ b/2015/4xxx/CVE-2015-4108.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4108", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Wing FTP Server before 4.4.7 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code via a crafted request to admin_lua_script.html or (2) add a domain administrator via a crafted request to admin_addadmin.html." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4108", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150605 Wing FTP Server Remote Code Execution vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/535686/100/0/threaded" - }, - { - "name" : "20150605 [CVE-2015-4107] Wing FTP Server Remote Code Execution vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/535681/100/0/threaded" - }, - { - "name" : "20150605 [CVE-2015-4108] Wing FTP Server Cross-site Request Forgery vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/535685/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/132179/Wing-FTP-4.4.6-Code-Execution-Cross-Site-Request-Forgery.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/132179/Wing-FTP-4.4.6-Code-Execution-Cross-Site-Request-Forgery.html" - }, - { - "name" : "http://packetstormsecurity.com/files/132180/Wing-FTP-4.4.6-Cross-Site-Request-Forgery.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/132180/Wing-FTP-4.4.6-Cross-Site-Request-Forgery.html" - }, - { - "name" : "http://www.wftpserver.com/serverhistory.htm", - "refsource" : "CONFIRM", - "url" : "http://www.wftpserver.com/serverhistory.htm" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Wing FTP Server before 4.4.7 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code via a crafted request to admin_lua_script.html or (2) add a domain administrator via a crafted request to admin_addadmin.html." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150605 [CVE-2015-4107] Wing FTP Server Remote Code Execution vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/535681/100/0/threaded" + }, + { + "name": "http://packetstormsecurity.com/files/132180/Wing-FTP-4.4.6-Cross-Site-Request-Forgery.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/132180/Wing-FTP-4.4.6-Cross-Site-Request-Forgery.html" + }, + { + "name": "http://packetstormsecurity.com/files/132179/Wing-FTP-4.4.6-Code-Execution-Cross-Site-Request-Forgery.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/132179/Wing-FTP-4.4.6-Code-Execution-Cross-Site-Request-Forgery.html" + }, + { + "name": "20150605 Wing FTP Server Remote Code Execution vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/535686/100/0/threaded" + }, + { + "name": "http://www.wftpserver.com/serverhistory.htm", + "refsource": "CONFIRM", + "url": "http://www.wftpserver.com/serverhistory.htm" + }, + { + "name": "20150605 [CVE-2015-4108] Wing FTP Server Cross-site Request Forgery vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/535685/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4212.json b/2015/4xxx/CVE-2015-4212.json index 2aecd4b63f1..f40861ec092 100644 --- a/2015/4xxx/CVE-2015-4212.json +++ b/2015/4xxx/CVE-2015-4212.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4212", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco WebEx Meeting Center allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by discovering credentials, aka Bug ID CSCut17466." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-4212", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150623 Cisco WebEx Meeting Center Data and Credential Exposure Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=39467" - }, - { - "name" : "75381", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75381" - }, - { - "name" : "1032705", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032705" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco WebEx Meeting Center allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by discovering credentials, aka Bug ID CSCut17466." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150623 Cisco WebEx Meeting Center Data and Credential Exposure Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39467" + }, + { + "name": "75381", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75381" + }, + { + "name": "1032705", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032705" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4392.json b/2015/4xxx/CVE-2015-4392.json index 435749d1d2d..8a1a642ffb5 100644 --- a/2015/4xxx/CVE-2015-4392.json +++ b/2015/4xxx/CVE-2015-4392.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4392", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-2.7 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to field display settings." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4392", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/04/25/6" - }, - { - "name" : "https://www.drupal.org/node/2471733", - "refsource" : "MISC", - "url" : "https://www.drupal.org/node/2471733" - }, - { - "name" : "https://www.drupal.org/node/2471721", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2471721" - }, - { - "name" : "74362", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74362" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-2.7 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to field display settings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/04/25/6" + }, + { + "name": "https://www.drupal.org/node/2471721", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2471721" + }, + { + "name": "https://www.drupal.org/node/2471733", + "refsource": "MISC", + "url": "https://www.drupal.org/node/2471733" + }, + { + "name": "74362", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74362" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4527.json b/2015/4xxx/CVE-2015-4527.json index bd3d7da57e3..2769640bf4e 100644 --- a/2015/4xxx/CVE-2015-4527.json +++ b/2015/4xxx/CVE-2015-4527.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4527", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in EMC Avamar Server 7.x before 7.1.2 and Avamar Virtual Addition (AVE) 7.x before 7.1.2 allows remote attackers to read arbitrary files by using the Avamar Desktop/Laptop client interface to send crafted parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2015-4527", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150722 ESA-2015-118: EMC Avamar Directory Traversal Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2015/Jul/110" - }, - { - "name" : "1033026", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033026" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in EMC Avamar Server 7.x before 7.1.2 and Avamar Virtual Addition (AVE) 7.x before 7.1.2 allows remote attackers to read arbitrary files by using the Avamar Desktop/Laptop client interface to send crafted parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150722 ESA-2015-118: EMC Avamar Directory Traversal Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2015/Jul/110" + }, + { + "name": "1033026", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033026" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8300.json b/2015/8xxx/CVE-2015-8300.json index 28821097df6..3c85f60511c 100644 --- a/2015/8xxx/CVE-2015-8300.json +++ b/2015/8xxx/CVE-2015-8300.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8300", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Polycom BToE Connector before 3.0.0 uses weak permissions (Everyone: Full Control) for \"Program Files (x86)\\polycom\\polycom btoe connector\\plcmbtoesrv.exe,\" which allows local users to gain privileges via a Trojan horse file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8300", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20151124 CVE-2015-8300: Polycom BToE Connector v2.3.0 Privilege Escalation Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Nov/88" - }, - { - "name" : "http://packetstormsecurity.com/files/134523/Polycom-BTOE-Connector-2.3.0-Local-Privilege-Escalation.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/134523/Polycom-BTOE-Connector-2.3.0-Local-Privilege-Escalation.html" - }, - { - "name" : "https://github.com/sbaresearch/advisories/tree/public/2015/Polycom_20150513", - "refsource" : "MISC", - "url" : "https://github.com/sbaresearch/advisories/tree/public/2015/Polycom_20150513" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Polycom BToE Connector before 3.0.0 uses weak permissions (Everyone: Full Control) for \"Program Files (x86)\\polycom\\polycom btoe connector\\plcmbtoesrv.exe,\" which allows local users to gain privileges via a Trojan horse file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/134523/Polycom-BTOE-Connector-2.3.0-Local-Privilege-Escalation.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/134523/Polycom-BTOE-Connector-2.3.0-Local-Privilege-Escalation.html" + }, + { + "name": "https://github.com/sbaresearch/advisories/tree/public/2015/Polycom_20150513", + "refsource": "MISC", + "url": "https://github.com/sbaresearch/advisories/tree/public/2015/Polycom_20150513" + }, + { + "name": "20151124 CVE-2015-8300: Polycom BToE Connector v2.3.0 Privilege Escalation Vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Nov/88" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1300.json b/2016/1xxx/CVE-2016-1300.json index 736804debff..086d8f072b6 100644 --- a/2016/1xxx/CVE-2016-1300.json +++ b/2016/1xxx/CVE-2016-1300.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1300", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Cisco Unity Connection (UC) 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux82582." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-1300", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160127 Cisco Unity Connection Web Framework Cross-Site Scripting Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-uc" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Cisco Unity Connection (UC) 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux82582." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20160127 Cisco Unity Connection Web Framework Cross-Site Scripting Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-uc" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5147.json b/2016/5xxx/CVE-2016-5147.json index fd011b68fec..20a464a01be 100644 --- a/2016/5xxx/CVE-2016-5147.json +++ b/2016/5xxx/CVE-2016-5147.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5147", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles deferred page loads, which allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka \"Universal XSS (UXSS).\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2016-5147", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://codereview.chromium.org/2155393002", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/2155393002" - }, - { - "name" : "https://codereview.chromium.org/2169453002", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/2169453002" - }, - { - "name" : "https://codereview.chromium.org/2174263002/", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/2174263002/" - }, - { - "name" : "https://codereview.chromium.org/2183423002/", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/2183423002/" - }, - { - "name" : "https://codereview.chromium.org/2190523002/", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/2190523002/" - }, - { - "name" : "https://codereview.chromium.org/2242923002", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/2242923002" - }, - { - "name" : "https://crbug.com/628942", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/628942" - }, - { - "name" : "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html", - "refsource" : "CONFIRM", - "url" : "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html" - }, - { - "name" : "DSA-3660", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3660" - }, - { - "name" : "GLSA-201610-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201610-09" - }, - { - "name" : "RHSA-2016:1854", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1854.html" - }, - { - "name" : "openSUSE-SU-2016:2349", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-09/msg00073.html" - }, - { - "name" : "SUSE-SU-2016:2251", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00004.html" - }, - { - "name" : "openSUSE-SU-2016:2250", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html" - }, - { - "name" : "openSUSE-SU-2016:2296", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00008.html" - }, - { - "name" : "92717", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92717" - }, - { - "name" : "1036729", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036729" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles deferred page loads, which allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka \"Universal XSS (UXSS).\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://crbug.com/628942", + "refsource": "CONFIRM", + "url": "https://crbug.com/628942" + }, + { + "name": "https://codereview.chromium.org/2155393002", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/2155393002" + }, + { + "name": "openSUSE-SU-2016:2250", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html" + }, + { + "name": "https://codereview.chromium.org/2242923002", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/2242923002" + }, + { + "name": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html", + "refsource": "CONFIRM", + "url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html" + }, + { + "name": "SUSE-SU-2016:2251", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00004.html" + }, + { + "name": "92717", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92717" + }, + { + "name": "1036729", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036729" + }, + { + "name": "https://codereview.chromium.org/2169453002", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/2169453002" + }, + { + "name": "https://codereview.chromium.org/2190523002/", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/2190523002/" + }, + { + "name": "openSUSE-SU-2016:2349", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00073.html" + }, + { + "name": "https://codereview.chromium.org/2174263002/", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/2174263002/" + }, + { + "name": "DSA-3660", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3660" + }, + { + "name": "GLSA-201610-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201610-09" + }, + { + "name": "openSUSE-SU-2016:2296", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00008.html" + }, + { + "name": "RHSA-2016:1854", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1854.html" + }, + { + "name": "https://codereview.chromium.org/2183423002/", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/2183423002/" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5271.json b/2016/5xxx/CVE-2016-5271.json index 1d48620f906..47239af74cc 100644 --- a/2016/5xxx/CVE-2016-5271.json +++ b/2016/5xxx/CVE-2016-5271.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5271", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PropertyProvider::GetSpacingInternal function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via text runs in conjunction with a \"display: contents\" Cascading Style Sheets (CSS) property." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2016-5271", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2016/mfsa2016-85.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2016/mfsa2016-85.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1288946", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1288946" - }, - { - "name" : "GLSA-201701-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-15" - }, - { - "name" : "93052", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93052" - }, - { - "name" : "1036852", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036852" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PropertyProvider::GetSpacingInternal function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via text runs in conjunction with a \"display: contents\" Cascading Style Sheets (CSS) property." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mozilla.org/security/announce/2016/mfsa2016-85.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-85.html" + }, + { + "name": "93052", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93052" + }, + { + "name": "GLSA-201701-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-15" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1288946", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1288946" + }, + { + "name": "1036852", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036852" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5536.json b/2016/5xxx/CVE-2016-5536.json index 25f5481fe3a..c88d04c1761 100644 --- a/2016/5xxx/CVE-2016-5536.json +++ b/2016/5xxx/CVE-2016-5536.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5536", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Platform Security for Java component in Oracle Fusion Middleware 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-8281." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-5536", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" - }, - { - "name" : "93772", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93772" - }, - { - "name" : "1037051", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037051" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Platform Security for Java component in Oracle Fusion Middleware 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-8281." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93772", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93772" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" + }, + { + "name": "1037051", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037051" + } + ] + } +} \ No newline at end of file diff --git a/2018/1999xxx/CVE-2018-1999033.json b/2018/1999xxx/CVE-2018-1999033.json index 623b8f206ea..1c33fc5acee 100644 --- a/2018/1999xxx/CVE-2018-1999033.json +++ b/2018/1999xxx/CVE-2018-1999033.json @@ -1,65 +1,65 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-07-31T15:54:50.974279", - "DATE_REQUESTED" : "2018-07-30T00:00:00", - "ID" : "CVE-2018-1999033", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins Anchore Container Image Scanner Plugin", - "version" : { - "version_data" : [ - { - "version_value" : "10.16 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exposure of sensitive information vulnerability exists in Jenkins Anchore Container Image Scanner Plugin 10.16 and earlier in AnchoreBuilder.java that allows attackers with Item/ExtendedRead permission or file system access to the Jenkins master to obtain the password stored in this plugin's configuration." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-522" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-07-31T15:54:50.974279", + "DATE_REQUESTED": "2018-07-30T00:00:00", + "ID": "CVE-2018-1999033", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-1039", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-1039" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exposure of sensitive information vulnerability exists in Jenkins Anchore Container Image Scanner Plugin 10.16 and earlier in AnchoreBuilder.java that allows attackers with Item/ExtendedRead permission or file system access to the Jenkins master to obtain the password stored in this plugin's configuration." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-1039", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-1039" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6179.json b/2018/6xxx/CVE-2018-6179.json index 8cbb24454c0..009d51e4ad6 100644 --- a/2018/6xxx/CVE-2018-6179.json +++ b/2018/6xxx/CVE-2018-6179.json @@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "chrome-cve-admin@google.com", - "ID" : "CVE-2018-6179", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Chrome", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "68.0.3440.75" - } - ] - } - } - ] - }, - "vendor_name" : "Google" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Insufficient enforcement of file access permission in the activeTab case in Extensions in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Insufficient policy enforcement" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2018-6179", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "68.0.3440.75" + } + ] + } + } + ] + }, + "vendor_name": "Google" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://crbug.com/816685", - "refsource" : "MISC", - "url" : "https://crbug.com/816685" - }, - { - "name" : "https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html" - }, - { - "name" : "DSA-4256", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4256" - }, - { - "name" : "GLSA-201808-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201808-01" - }, - { - "name" : "RHSA-2018:2282", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2282" - }, - { - "name" : "104887", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104887" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Insufficient enforcement of file access permission in the activeTab case in Extensions in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient policy enforcement" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html" + }, + { + "name": "RHSA-2018:2282", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2282" + }, + { + "name": "GLSA-201808-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201808-01" + }, + { + "name": "DSA-4256", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4256" + }, + { + "name": "https://crbug.com/816685", + "refsource": "MISC", + "url": "https://crbug.com/816685" + }, + { + "name": "104887", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104887" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6554.json b/2018/6xxx/CVE-2018-6554.json index d4053626e36..74d9a67aea1 100644 --- a/2018/6xxx/CVE-2018-6554.json +++ b/2018/6xxx/CVE-2018-6554.json @@ -1,121 +1,126 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@ubuntu.com", - "DATE_PUBLIC" : "2018-09-04T15:00:00.000Z", - "ID" : "CVE-2018-6554", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Linux Kernel", - "version" : { - "version_data" : [ - { - "version_value" : "before 4.17" - } - ] - } - } - ] - }, - "vendor_name" : "Linux Kernel" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "DATE_PUBLIC": "2018-09-04T15:00:00.000Z", + "ID": "CVE-2018-6554", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Linux Kernel", + "version": { + "version_data": [ + { + "version_value": "before 4.17" + } + ] + } + } + ] + }, + "vendor_name": "Linux Kernel" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[stable] 20180904 [PATCH 1/2] irda: Fix memory leak caused by repeated binds of irda socket", - "refsource" : "MLIST", - "url" : "https://www.spinics.net/lists/stable/msg255030.html" - }, - { - "name" : "[stable] 20180904 [PATCH 1/2] irda: Fix memory leak caused by repeated binds of irda socket", - "refsource" : "MLIST", - "url" : "https://www.spinics.net/lists/stable/msg255034.html" - }, - { - "name" : "[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html" - }, - { - "name" : "DSA-4308", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4308" - }, - { - "name" : "USN-3775-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3775-2/" - }, - { - "name" : "USN-3776-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3776-1/" - }, - { - "name" : "USN-3776-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3776-2/" - }, - { - "name" : "USN-3777-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3777-1/" - }, - { - "name" : "USN-3777-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3777-2/" - }, - { - "name" : "USN-3775-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3775-1/" - }, - { - "name" : "USN-3777-3", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3777-3/" - }, - { - "name" : "105302", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105302" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3776-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3776-1/" + }, + { + "name": "USN-3776-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3776-2/" + }, + { + "name": "USN-3777-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3777-1/" + }, + { + "name": "USN-3775-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3775-1/" + }, + { + "name": "[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html" + }, + { + "name": "[stable] 20180904 [PATCH 1/2] irda: Fix memory leak caused by repeated binds of irda socket", + "refsource": "MLIST", + "url": "https://www.spinics.net/lists/stable/msg255030.html" + }, + { + "name": "DSA-4308", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4308" + }, + { + "name": "105302", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105302" + }, + { + "name": "USN-3775-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3775-2/" + }, + { + "name": "USN-3777-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3777-2/" + }, + { + "name": "USN-3777-3", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3777-3/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html" + }, + { + "name": "[stable] 20180904 [PATCH 1/2] irda: Fix memory leak caused by repeated binds of irda socket", + "refsource": "MLIST", + "url": "https://www.spinics.net/lists/stable/msg255034.html" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0564.json b/2019/0xxx/CVE-2019-0564.json index 1e7af5eb9e4..36a0750c81d 100644 --- a/2019/0xxx/CVE-2019-0564.json +++ b/2019/0xxx/CVE-2019-0564.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2019-0564", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ASP.NET Core", - "version" : { - "version_data" : [ - { - "version_value" : "2.1" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka \"ASP.NET Core Denial of Service Vulnerability.\" This affects ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0548." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2019-0564", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ASP.NET Core", + "version": { + "version_data": [ + { + "version_value": "2.1" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0564", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0564" - }, - { - "name" : "RHSA-2019:0040", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0040" - }, - { - "name" : "106413", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106413" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka \"ASP.NET Core Denial of Service Vulnerability.\" This affects ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0548." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0564", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0564" + }, + { + "name": "106413", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106413" + }, + { + "name": "RHSA-2019:0040", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0040" + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0681.json b/2019/0xxx/CVE-2019-0681.json index 6ad222bc3bc..8e0d94393d9 100644 --- a/2019/0xxx/CVE-2019-0681.json +++ b/2019/0xxx/CVE-2019-0681.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0681", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0681", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0932.json b/2019/0xxx/CVE-2019-0932.json index 21c2b627ebf..b0df086a6e9 100644 --- a/2019/0xxx/CVE-2019-0932.json +++ b/2019/0xxx/CVE-2019-0932.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0932", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0932", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1506.json b/2019/1xxx/CVE-2019-1506.json index 36c8f4fc9ca..8b33043280a 100644 --- a/2019/1xxx/CVE-2019-1506.json +++ b/2019/1xxx/CVE-2019-1506.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1506", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1506", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1561.json b/2019/1xxx/CVE-2019-1561.json index 4a643c25e7d..4f7233f17f3 100644 --- a/2019/1xxx/CVE-2019-1561.json +++ b/2019/1xxx/CVE-2019-1561.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1561", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1561", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1563.json b/2019/1xxx/CVE-2019-1563.json index 82abe18d457..c8c8fed675a 100644 --- a/2019/1xxx/CVE-2019-1563.json +++ b/2019/1xxx/CVE-2019-1563.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1563", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1563", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1617.json b/2019/1xxx/CVE-2019-1617.json index 797363ed49b..b87082887fb 100644 --- a/2019/1xxx/CVE-2019-1617.json +++ b/2019/1xxx/CVE-2019-1617.json @@ -1,96 +1,96 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2019-03-06T16:00:00-0800", - "ID" : "CVE-2019-1617", - "STATE" : "PUBLIC", - "TITLE" : "Cisco Nexus 9000 Series Switches Standalone NX-OS Mode Fibre Channel over Ethernet NPV Denial of Service Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Nexus 9000 Series Switches in Standalone NX-OS Mode ", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "7.0(3)I7(5)" - }, - { - "affected" : "<", - "version_value" : "9.2(2)" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the Fibre Channel over Ethernet (FCoE) N-port Virtualization (NPV) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to an incorrect processing of FCoE packets when the fcoe-npv feature is uninstalled. An attacker could exploit this vulnerability by sending a stream of FCoE frames from an adjacent host to an affected device. An exploit could allow the attacker to cause packet amplification to occur, resulting in the saturation of interfaces and a DoS condition. Nexus 9000 Series Switches in Standalone NX-OS Mode are affected running software versions prior to 7.0(3)I7(5) and 9.2(2)." - } - ] - }, - "exploit" : [ - { - "lang" : "eng", - "value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " - } - ], - "impact" : { - "cvss" : { - "baseScore" : "7.4", - "vectorString" : "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H ", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-913" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2019-03-06T16:00:00-0800", + "ID": "CVE-2019-1617", + "STATE": "PUBLIC", + "TITLE": "Cisco Nexus 9000 Series Switches Standalone NX-OS Mode Fibre Channel over Ethernet NPV Denial of Service Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Nexus 9000 Series Switches in Standalone NX-OS Mode ", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "7.0(3)I7(5)" + }, + { + "affected": "<", + "version_value": "9.2(2)" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20190306 Cisco Nexus 9000 Series Switches Standalone NX-OS Mode Fibre Channel over Ethernet NPV Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-npv-dos" - }, - { - "name" : "107336", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/107336" - } - ] - }, - "source" : { - "advisory" : "cisco-sa-20190306-nxos-npv-dos", - "defect" : [ - [ - "CSCvk44504" - ] - ], - "discovery" : "INTERNAL" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the Fibre Channel over Ethernet (FCoE) N-port Virtualization (NPV) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to an incorrect processing of FCoE packets when the fcoe-npv feature is uninstalled. An attacker could exploit this vulnerability by sending a stream of FCoE frames from an adjacent host to an affected device. An exploit could allow the attacker to cause packet amplification to occur, resulting in the saturation of interfaces and a DoS condition. Nexus 9000 Series Switches in Standalone NX-OS Mode are affected running software versions prior to 7.0(3)I7(5) and 9.2(2)." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "7.4", + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-913" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20190306 Cisco Nexus 9000 Series Switches Standalone NX-OS Mode Fibre Channel over Ethernet NPV Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-npv-dos" + }, + { + "name": "107336", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/107336" + } + ] + }, + "source": { + "advisory": "cisco-sa-20190306-nxos-npv-dos", + "defect": [ + [ + "CSCvk44504" + ] + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5809.json b/2019/5xxx/CVE-2019-5809.json index 1a4b8823a4e..3d8846efe6b 100644 --- a/2019/5xxx/CVE-2019-5809.json +++ b/2019/5xxx/CVE-2019-5809.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5809", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5809", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5817.json b/2019/5xxx/CVE-2019-5817.json index 3690de09437..4959638ed73 100644 --- a/2019/5xxx/CVE-2019-5817.json +++ b/2019/5xxx/CVE-2019-5817.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5817", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5817", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5842.json b/2019/5xxx/CVE-2019-5842.json index e041d2b9da7..ea9e1f6da7f 100644 --- a/2019/5xxx/CVE-2019-5842.json +++ b/2019/5xxx/CVE-2019-5842.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5842", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5842", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file