diff --git a/1999/0xxx/CVE-1999-0219.json b/1999/0xxx/CVE-1999-0219.json index f9dc6477214..03009bf72dd 100644 --- a/1999/0xxx/CVE-1999-0219.json +++ b/1999/0xxx/CVE-1999-0219.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0219", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in FTP Serv-U 2.5 allows remote authenticated users to cause a denial of service (crash) via a long (1) CWD or (2) LS (list) command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0219", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19990503 Buffer overflows in FTP Serv-U 2.5", - "refsource" : "NTBUGTRAQ", - "url" : "http://marc.info/?l=ntbugtraq&m=92574916930144&w=2" - }, - { - "name" : "19990504 Re: Buffer overflows in FTP Serv-U 2.5", - "refsource" : "NTBUGTRAQ", - "url" : "http://marc.info/?l=ntbugtraq&m=92582581330282&w=2" - }, - { - "name" : "269", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/269" - }, - { - "name" : "ftp-servu(205)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/205" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in FTP Serv-U 2.5 allows remote authenticated users to cause a denial of service (crash) via a long (1) CWD or (2) LS (list) command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "269", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/269" + }, + { + "name": "ftp-servu(205)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/205" + }, + { + "name": "19990503 Buffer overflows in FTP Serv-U 2.5", + "refsource": "NTBUGTRAQ", + "url": "http://marc.info/?l=ntbugtraq&m=92574916930144&w=2" + }, + { + "name": "19990504 Re: Buffer overflows in FTP Serv-U 2.5", + "refsource": "NTBUGTRAQ", + "url": "http://marc.info/?l=ntbugtraq&m=92582581330282&w=2" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1468.json b/1999/1xxx/CVE-1999-1468.json index 54ede7fd6a7..a67c82d5ba6 100644 --- a/1999/1xxx/CVE-1999-1468.json +++ b/1999/1xxx/CVE-1999-1468.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1468", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "rdist in various UNIX systems uses popen to execute sendmail, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1468", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.alw.nih.gov/Security/8lgm/8lgm-Advisory-01.html", - "refsource" : "MISC", - "url" : "http://www.alw.nih.gov/Security/8lgm/8lgm-Advisory-01.html" - }, - { - "name" : "CA-91.20", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-91.20.rdist.vulnerability" - }, - { - "name" : "31", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31" - }, - { - "name" : "rdist-popen-gain-privileges(7160)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7160.php" - }, - { - "name" : "8106", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/8106" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "rdist in various UNIX systems uses popen to execute sendmail, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.alw.nih.gov/Security/8lgm/8lgm-Advisory-01.html", + "refsource": "MISC", + "url": "http://www.alw.nih.gov/Security/8lgm/8lgm-Advisory-01.html" + }, + { + "name": "31", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31" + }, + { + "name": "8106", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/8106" + }, + { + "name": "rdist-popen-gain-privileges(7160)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7160.php" + }, + { + "name": "CA-91.20", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-91.20.rdist.vulnerability" + } + ] + } +} \ No newline at end of file diff --git a/2000/1xxx/CVE-2000-1244.json b/2000/1xxx/CVE-2000-1244.json index 7747270f93c..ffd5afccf86 100644 --- a/2000/1xxx/CVE-2000-1244.json +++ b/2000/1xxx/CVE-2000-1244.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-1244", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Computer Associates InoculateIT Agent for Exchange Server does not recognize an e-mail virus attachment if the SMTP header is missing the \"From\" field, which allows remote attackers to bypass virus protection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-1244", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001110 CA's InoculateIT Agent for Exchange Server", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-11/0158.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Computer Associates InoculateIT Agent for Exchange Server does not recognize an e-mail virus attachment if the SMTP header is missing the \"From\" field, which allows remote attackers to bypass virus protection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20001110 CA's InoculateIT Agent for Exchange Server", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-11/0158.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2207.json b/2005/2xxx/CVE-2005-2207.json index aa9f1f074eb..6cbccb3ed64 100644 --- a/2005/2xxx/CVE-2005-2207.json +++ b/2005/2xxx/CVE-2005-2207.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2207", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in store/login.asp in CartWIZ allows remote attackers to inject arbitrary web script or HTML via the message parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2207", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://digitalparadox.org/viewadvisories.ah?view=42", - "refsource" : "MISC", - "url" : "http://digitalparadox.org/viewadvisories.ah?view=42" - }, - { - "name" : "1014418", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014418" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in store/login.asp in CartWIZ allows remote attackers to inject arbitrary web script or HTML via the message parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1014418", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014418" + }, + { + "name": "http://digitalparadox.org/viewadvisories.ah?view=42", + "refsource": "MISC", + "url": "http://digitalparadox.org/viewadvisories.ah?view=42" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2222.json b/2005/2xxx/CVE-2005-2222.json index ac7587b4e4d..e756e37235c 100644 --- a/2005/2xxx/CVE-2005-2222.json +++ b/2005/2xxx/CVE-2005-2222.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2222", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in the HTTPMail service in MailEnable Professional before 1.6 has unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2222", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mailenable.com/professionalhistory.asp", - "refsource" : "CONFIRM", - "url" : "http://www.mailenable.com/professionalhistory.asp" - }, - { - "name" : "1014427", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014427" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in the HTTPMail service in MailEnable Professional before 1.6 has unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mailenable.com/professionalhistory.asp", + "refsource": "CONFIRM", + "url": "http://www.mailenable.com/professionalhistory.asp" + }, + { + "name": "1014427", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014427" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2295.json b/2005/2xxx/CVE-2005-2295.json index f0feba50f5b..ecfe5623f15 100644 --- a/2005/2xxx/CVE-2005-2295.json +++ b/2005/2xxx/CVE-2005-2295.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2295", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NetPanzer 0.8 and earlier allows remote attackers to cause a denial of service (infinite loop) via a packet with a zero datablock size." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2295", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050713 Endless loop in NetPanzer 0.8", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112129258221823&w=2" - }, - { - "name" : "http://aluigi.altervista.org/adv/panzone-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/panzone-adv.txt" - }, - { - "name" : "14257", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14257" - }, - { - "name" : "1014479", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014479" - }, - { - "name" : "16055", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16055" - }, - { - "name" : "netpanzer-datablock-dos(21361)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21361" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NetPanzer 0.8 and earlier allows remote attackers to cause a denial of service (infinite loop) via a packet with a zero datablock size." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050713 Endless loop in NetPanzer 0.8", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112129258221823&w=2" + }, + { + "name": "netpanzer-datablock-dos(21361)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21361" + }, + { + "name": "16055", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16055" + }, + { + "name": "http://aluigi.altervista.org/adv/panzone-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/panzone-adv.txt" + }, + { + "name": "14257", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14257" + }, + { + "name": "1014479", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014479" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2771.json b/2005/2xxx/CVE-2005-2771.json index 4c6ab909a21..303b342906b 100644 --- a/2005/2xxx/CVE-2005-2771.json +++ b/2005/2xxx/CVE-2005-2771.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2771", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as F-Secure SSH server) processes access and deny lists in a case-sensitive manner, when previous versions were case-insensitive, which might allow remote attackers to bypass intended restrictions and login to accounts that should be denied." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2771", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.wrq.com/techdocs/1910.html", - "refsource" : "CONFIRM", - "url" : "http://support.wrq.com/techdocs/1910.html" - }, - { - "name" : "VU#758054", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/758054" - }, - { - "name" : "1014835", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014835" - }, - { - "name" : "16649", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16649/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as F-Secure SSH server) processes access and deny lists in a case-sensitive manner, when previous versions were case-insensitive, which might allow remote attackers to bypass intended restrictions and login to accounts that should be denied." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1014835", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014835" + }, + { + "name": "VU#758054", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/758054" + }, + { + "name": "http://support.wrq.com/techdocs/1910.html", + "refsource": "CONFIRM", + "url": "http://support.wrq.com/techdocs/1910.html" + }, + { + "name": "16649", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16649/" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3080.json b/2005/3xxx/CVE-2005-3080.json index b72dbb0e4c5..71b76646cca 100644 --- a/2005/3xxx/CVE-2005-3080.json +++ b/2005/3xxx/CVE-2005-3080.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3080", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "contrib/example.php in GeSHi before 1.0.7.3 allows remote attackers to read arbitrary files via the language field without a source field set." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3080", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=358285", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=358285" - }, - { - "name" : "14903", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14903" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "contrib/example.php in GeSHi before 1.0.7.3 allows remote attackers to read arbitrary files via the language field without a source field set." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=358285", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=358285" + }, + { + "name": "14903", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14903" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3271.json b/2005/3xxx/CVE-2005-3271.json index c62720515e4..6833e555a4c 100644 --- a/2005/3xxx/CVE-2005-3271.json +++ b/2005/3xxx/CVE-2005-3271.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3271", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Exec in Linux kernel 2.6 does not properly clear posix-timers in multi-threaded environments, which results in a resource leak and could allow a large number of multiple local users to cause a denial of service by using more posix-timers than specified by the quota for a single user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3271", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[linux-kernel] 20040911 [PATCH] exec: fix posix-timers leak and pending signal loss", - "refsource" : "MLIST", - "url" : "http://www.ussg.iu.edu/hypermail/linux/kernel/0409.1/1107.html" - }, - { - "name" : "http://linux.bkbits.net:8080/linux-2.6/cset@414b332fsZQvEUsfzKJIo-q2_ZH0hg", - "refsource" : "CONFIRM", - "url" : "http://linux.bkbits.net:8080/linux-2.6/cset@414b332fsZQvEUsfzKJIo-q2_ZH0hg" - }, - { - "name" : "DSA-922", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-922" - }, - { - "name" : "MDKSA-2005:218", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:218" - }, - { - "name" : "MDKSA-2005:219", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:219" - }, - { - "name" : "SUSE-SA:2005:067", - "refsource" : "SUSE", - "url" : "http://www.securityfocus.com/advisories/9806" - }, - { - "name" : "USN-219-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/219-1/" - }, - { - "name" : "15533", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15533" - }, - { - "name" : "17917", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17917" - }, - { - "name" : "18056", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18056" - }, - { - "name" : "17826", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17826" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Exec in Linux kernel 2.6 does not properly clear posix-timers in multi-threaded environments, which results in a resource leak and could allow a large number of multiple local users to cause a denial of service by using more posix-timers than specified by the quota for a single user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17917", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17917" + }, + { + "name": "18056", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18056" + }, + { + "name": "http://linux.bkbits.net:8080/linux-2.6/cset@414b332fsZQvEUsfzKJIo-q2_ZH0hg", + "refsource": "CONFIRM", + "url": "http://linux.bkbits.net:8080/linux-2.6/cset@414b332fsZQvEUsfzKJIo-q2_ZH0hg" + }, + { + "name": "SUSE-SA:2005:067", + "refsource": "SUSE", + "url": "http://www.securityfocus.com/advisories/9806" + }, + { + "name": "15533", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15533" + }, + { + "name": "DSA-922", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-922" + }, + { + "name": "USN-219-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/219-1/" + }, + { + "name": "[linux-kernel] 20040911 [PATCH] exec: fix posix-timers leak and pending signal loss", + "refsource": "MLIST", + "url": "http://www.ussg.iu.edu/hypermail/linux/kernel/0409.1/1107.html" + }, + { + "name": "MDKSA-2005:218", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:218" + }, + { + "name": "17826", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17826" + }, + { + "name": "MDKSA-2005:219", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:219" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3294.json b/2005/3xxx/CVE-2005-3294.json index fa15a86a121..45b0dea3165 100644 --- a/2005/3xxx/CVE-2005-3294.json +++ b/2005/3xxx/CVE-2005-3294.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3294", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Typsoft FTP Server 1.11, with \"Sub Directory Include\" enabled, allows remote attackers to cause a denial of service (crash) by sending multiple RETR commands. NOTE: it was later reported that 1.10 is also affected." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3294", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15860", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15860" - }, - { - "name" : "http://www.exploitlabs.com/files/advisories/EXPL-A-2005-016-typsoft-ftpd.txt", - "refsource" : "MISC", - "url" : "http://www.exploitlabs.com/files/advisories/EXPL-A-2005-016-typsoft-ftpd.txt" - }, - { - "name" : "15104", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15104" - }, - { - "name" : "19992", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/19992" - }, - { - "name" : "17196", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17196" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Typsoft FTP Server 1.11, with \"Sub Directory Include\" enabled, allows remote attackers to cause a denial of service (crash) by sending multiple RETR commands. NOTE: it was later reported that 1.10 is also affected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.exploitlabs.com/files/advisories/EXPL-A-2005-016-typsoft-ftpd.txt", + "refsource": "MISC", + "url": "http://www.exploitlabs.com/files/advisories/EXPL-A-2005-016-typsoft-ftpd.txt" + }, + { + "name": "17196", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17196" + }, + { + "name": "19992", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/19992" + }, + { + "name": "15104", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15104" + }, + { + "name": "15860", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15860" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3753.json b/2005/3xxx/CVE-2005-3753.json index 8bb641d3c52..c0ff8ceb7ea 100644 --- a/2005/3xxx/CVE-2005-3753.json +++ b/2005/3xxx/CVE-2005-3753.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3753", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Linux kernel before after 2.6.12 and before 2.6.13.1 might allow attackers to cause a denial of service (Oops) via certain IPSec packets that cause alignment problems in standard multi-block cipher processors. NOTE: it is not clear whether this issue can be triggered by an attacker." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3753", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugzilla.kernel.org/show_bug.cgi?id=5194", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.kernel.org/show_bug.cgi?id=5194" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Linux kernel before after 2.6.12 and before 2.6.13.1 might allow attackers to cause a denial of service (Oops) via certain IPSec packets that cause alignment problems in standard multi-block cipher processors. NOTE: it is not clear whether this issue can be triggered by an attacker." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugzilla.kernel.org/show_bug.cgi?id=5194", + "refsource": "CONFIRM", + "url": "http://bugzilla.kernel.org/show_bug.cgi?id=5194" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3870.json b/2005/3xxx/CVE-2005-3870.json index b1881c24556..63ddd19d1e3 100644 --- a/2005/3xxx/CVE-2005-3870.json +++ b/2005/3xxx/CVE-2005-3870.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3870", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in edmobbs9r.php in edmoBBS 0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) table and (2) messageID parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3870", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/11/edmobbs-sql-inj-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/11/edmobbs-sql-inj-vuln.html" - }, - { - "name" : "15589", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15589" - }, - { - "name" : "ADV-2005-2621", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2621" - }, - { - "name" : "21132", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21132" - }, - { - "name" : "17726", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17726" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in edmobbs9r.php in edmoBBS 0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) table and (2) messageID parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21132", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21132" + }, + { + "name": "17726", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17726" + }, + { + "name": "http://pridels0.blogspot.com/2005/11/edmobbs-sql-inj-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/11/edmobbs-sql-inj-vuln.html" + }, + { + "name": "15589", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15589" + }, + { + "name": "ADV-2005-2621", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2621" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4629.json b/2005/4xxx/CVE-2005-4629.json index 55ae66c15b2..eb9991918db 100644 --- a/2005/4xxx/CVE-2005-4629.json +++ b/2005/4xxx/CVE-2005-4629.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4629", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in SMBCMS 2.1 allows remote attackers to execute arbitrary SQL commands via unspecified search parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4629", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/11/smbcms-v21-sql-injection.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/11/smbcms-v21-sql-injection.html" - }, - { - "name" : "21314", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21314" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in SMBCMS 2.1 allows remote attackers to execute arbitrary SQL commands via unspecified search parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21314", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21314" + }, + { + "name": "http://pridels0.blogspot.com/2005/11/smbcms-v21-sql-injection.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/11/smbcms-v21-sql-injection.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2204.json b/2009/2xxx/CVE-2009-2204.json index d51b20f8373..acc5ddfbd96 100644 --- a/2009/2xxx/CVE-2009-2204.json +++ b/2009/2xxx/CVE-2009-2204.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2204", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the CoreTelephony component in Apple iPhone OS before 3.0.1 allows remote attackers to execute arbitrary code, obtain GPS coordinates, or enable the microphone via an SMS message that triggers memory corruption, as demonstrated by Charlie Miller at SyScan '09 Singapore." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2204", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.blackhat.com/presentations/bh-usa-09/MILLER/BHUSA09-Miller-FuzzingPhone-PAPER.pdf", - "refsource" : "MISC", - "url" : "http://www.blackhat.com/presentations/bh-usa-09/MILLER/BHUSA09-Miller-FuzzingPhone-PAPER.pdf" - }, - { - "name" : "http://news.cnet.com/8301-1009_3-10278472-83.html", - "refsource" : "MISC", - "url" : "http://news.cnet.com/8301-1009_3-10278472-83.html" - }, - { - "name" : "http://www.syscan.org/Sg/program.html", - "refsource" : "MISC", - "url" : "http://www.syscan.org/Sg/program.html" - }, - { - "name" : "http://support.apple.com/kb/HT3754", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3754" - }, - { - "name" : "APPLE-SA-2009-07-31-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Jul/msg00001.html" - }, - { - "name" : "35569", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35569" - }, - { - "name" : "55687", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/55687" - }, - { - "name" : "1022626", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1022626" - }, - { - "name" : "36070", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36070" - }, - { - "name" : "ADV-2009-2105", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2105" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the CoreTelephony component in Apple iPhone OS before 3.0.1 allows remote attackers to execute arbitrary code, obtain GPS coordinates, or enable the microphone via an SMS message that triggers memory corruption, as demonstrated by Charlie Miller at SyScan '09 Singapore." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2009-07-31-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Jul/msg00001.html" + }, + { + "name": "http://support.apple.com/kb/HT3754", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3754" + }, + { + "name": "http://www.syscan.org/Sg/program.html", + "refsource": "MISC", + "url": "http://www.syscan.org/Sg/program.html" + }, + { + "name": "http://www.blackhat.com/presentations/bh-usa-09/MILLER/BHUSA09-Miller-FuzzingPhone-PAPER.pdf", + "refsource": "MISC", + "url": "http://www.blackhat.com/presentations/bh-usa-09/MILLER/BHUSA09-Miller-FuzzingPhone-PAPER.pdf" + }, + { + "name": "http://news.cnet.com/8301-1009_3-10278472-83.html", + "refsource": "MISC", + "url": "http://news.cnet.com/8301-1009_3-10278472-83.html" + }, + { + "name": "36070", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36070" + }, + { + "name": "1022626", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1022626" + }, + { + "name": "35569", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35569" + }, + { + "name": "ADV-2009-2105", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2105" + }, + { + "name": "55687", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/55687" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3043.json b/2009/3xxx/CVE-2009-3043.json index e03001ce98c..a14267c8473 100644 --- a/2009/3xxx/CVE-2009-3043.json +++ b/2009/3xxx/CVE-2009-3043.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3043", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The tty_ldisc_hangup function in drivers/char/tty_ldisc.c in the Linux kernel 2.6.31-rc before 2.6.31-rc8 allows local users to cause a denial of service (system crash, sometimes preceded by a NULL pointer dereference) or possibly gain privileges via certain pseudo-terminal I/O activity, as demonstrated by KernelTtyTest.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3043", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[linux-kernel] 20090819 Re: v2.6.31-rc6: BUG: unable to handle kernel NULL pointer dereference at 0000000000000008", - "refsource" : "MLIST", - "url" : "http://lkml.org/lkml/2009/8/20/27" - }, - { - "name" : "[linux-kernel] 20090819 v2.6.31-rc6: BUG: unable to handle kernel NULL pointer dereference at 0000000000000008", - "refsource" : "MLIST", - "url" : "http://lkml.org/lkml/2009/8/20/21" - }, - { - "name" : "[linux-kernel] 20090820 Re: v2.6.31-rc6: BUG: unable to handle kernel NULL pointer dereference at 0000000000000008", - "refsource" : "MLIST", - "url" : "http://lkml.org/lkml/2009/8/20/68" - }, - { - "name" : "[oss-security] 20090831 CVE request: kernel: tty: make sure to flush any pending work when halting the ldisc", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/08/31/1" - }, - { - "name" : "[oss-security] 20090903 Re: CVE request: kernel: tty: make sure to flush any pending work when halting the ldisc", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/09/03/6" - }, - { - "name" : "[oss-security] 20090904 Re: CVE request: kernel: tty: make sure to flush any pending work when halting the ldisc", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/09/03/7" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5c58ceff103d8a654f24769bb1baaf84a841b0cc", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5c58ceff103d8a654f24769bb1baaf84a841b0cc" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc8", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc8" - }, - { - "name" : "36191", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36191" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The tty_ldisc_hangup function in drivers/char/tty_ldisc.c in the Linux kernel 2.6.31-rc before 2.6.31-rc8 allows local users to cause a denial of service (system crash, sometimes preceded by a NULL pointer dereference) or possibly gain privileges via certain pseudo-terminal I/O activity, as demonstrated by KernelTtyTest.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5c58ceff103d8a654f24769bb1baaf84a841b0cc", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5c58ceff103d8a654f24769bb1baaf84a841b0cc" + }, + { + "name": "[linux-kernel] 20090819 v2.6.31-rc6: BUG: unable to handle kernel NULL pointer dereference at 0000000000000008", + "refsource": "MLIST", + "url": "http://lkml.org/lkml/2009/8/20/21" + }, + { + "name": "[oss-security] 20090903 Re: CVE request: kernel: tty: make sure to flush any pending work when halting the ldisc", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/09/03/6" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc8", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc8" + }, + { + "name": "[oss-security] 20090904 Re: CVE request: kernel: tty: make sure to flush any pending work when halting the ldisc", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/09/03/7" + }, + { + "name": "[linux-kernel] 20090820 Re: v2.6.31-rc6: BUG: unable to handle kernel NULL pointer dereference at 0000000000000008", + "refsource": "MLIST", + "url": "http://lkml.org/lkml/2009/8/20/68" + }, + { + "name": "36191", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36191" + }, + { + "name": "[oss-security] 20090831 CVE request: kernel: tty: make sure to flush any pending work when halting the ldisc", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/08/31/1" + }, + { + "name": "[linux-kernel] 20090819 Re: v2.6.31-rc6: BUG: unable to handle kernel NULL pointer dereference at 0000000000000008", + "refsource": "MLIST", + "url": "http://lkml.org/lkml/2009/8/20/27" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3068.json b/2009/3xxx/CVE-2009-3068.json index 50336029956..b237206ecef 100644 --- a/2009/3xxx/CVE-2009-3068.json +++ b/2009/3xxx/CVE-2009-3068.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3068", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in the RoboHelpServer Servlet (robohelp/server) in Adobe RoboHelp Server 8 allows remote attackers to execute arbitrary code by uploading a Java Archive (.jsp) file during a PUBLISH action, then accessing it via a direct request to the file in the robohelp/robo/reserved/web directory under its sessionid subdirectory, as demonstrated by the vd_adobe module in VulnDisco Pack Professional 8.7 through 8.11." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3068", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090923 ZDI-09-066: Adobe RoboHelp Server Arbitrary File Upload and Execute Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/506687/100/0/threaded" - }, - { - "name" : "http://blogs.adobe.com/psirt/2009/09/potential_robohelp_server_8_is.html", - "refsource" : "MISC", - "url" : "http://blogs.adobe.com/psirt/2009/09/potential_robohelp_server_8_is.html" - }, - { - "name" : "http://intevydis.com/vd-list.shtml", - "refsource" : "MISC", - "url" : "http://intevydis.com/vd-list.shtml" - }, - { - "name" : "http://twitter.com/elegerov/statuses/3727947465", - "refsource" : "MISC", - "url" : "http://twitter.com/elegerov/statuses/3727947465" - }, - { - "name" : "http://twitter.com/elegerov/statuses/3737538715", - "refsource" : "MISC", - "url" : "http://twitter.com/elegerov/statuses/3737538715" - }, - { - "name" : "http://twitter.com/elegerov/statuses/3737725344", - "refsource" : "MISC", - "url" : "http://twitter.com/elegerov/statuses/3737725344" - }, - { - "name" : "http://www.intevydis.com/blog/?p=26", - "refsource" : "MISC", - "url" : "http://www.intevydis.com/blog/?p=26" - }, - { - "name" : "http://www.intevydis.com/blog/?p=69", - "refsource" : "MISC", - "url" : "http://www.intevydis.com/blog/?p=69" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-09-066", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-09-066" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb09-14.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb09-14.html" - }, - { - "name" : "36245", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36245" - }, - { - "name" : "36467", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36467" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in the RoboHelpServer Servlet (robohelp/server) in Adobe RoboHelp Server 8 allows remote attackers to execute arbitrary code by uploading a Java Archive (.jsp) file during a PUBLISH action, then accessing it via a direct request to the file in the robohelp/robo/reserved/web directory under its sessionid subdirectory, as demonstrated by the vd_adobe module in VulnDisco Pack Professional 8.7 through 8.11." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blogs.adobe.com/psirt/2009/09/potential_robohelp_server_8_is.html", + "refsource": "MISC", + "url": "http://blogs.adobe.com/psirt/2009/09/potential_robohelp_server_8_is.html" + }, + { + "name": "36245", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36245" + }, + { + "name": "http://www.intevydis.com/blog/?p=69", + "refsource": "MISC", + "url": "http://www.intevydis.com/blog/?p=69" + }, + { + "name": "36467", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36467" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-09-066", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-066" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb09-14.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb09-14.html" + }, + { + "name": "http://www.intevydis.com/blog/?p=26", + "refsource": "MISC", + "url": "http://www.intevydis.com/blog/?p=26" + }, + { + "name": "http://twitter.com/elegerov/statuses/3737725344", + "refsource": "MISC", + "url": "http://twitter.com/elegerov/statuses/3737725344" + }, + { + "name": "http://twitter.com/elegerov/statuses/3727947465", + "refsource": "MISC", + "url": "http://twitter.com/elegerov/statuses/3727947465" + }, + { + "name": "http://intevydis.com/vd-list.shtml", + "refsource": "MISC", + "url": "http://intevydis.com/vd-list.shtml" + }, + { + "name": "20090923 ZDI-09-066: Adobe RoboHelp Server Arbitrary File Upload and Execute Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/506687/100/0/threaded" + }, + { + "name": "http://twitter.com/elegerov/statuses/3737538715", + "refsource": "MISC", + "url": "http://twitter.com/elegerov/statuses/3737538715" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3178.json b/2009/3xxx/CVE-2009-3178.json index da63d5927fe..72d96193b7d 100644 --- a/2009/3xxx/CVE-2009-3178.json +++ b/2009/3xxx/CVE-2009-3178.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3178", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in mm.exe in Symantec Altiris Deployment Solution 6.9 allows remote attackers to cause a denial of service via unknown attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.18, \"Symantec Altiris Deployment Solution 6.9 DoS.\" NOTE: as of 20090909, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3178", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://intevydis.com/vd-list.shtml", - "refsource" : "MISC", - "url" : "http://intevydis.com/vd-list.shtml" - }, - { - "name" : "36247", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36247" - }, - { - "name" : "36587", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36587" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in mm.exe in Symantec Altiris Deployment Solution 6.9 allows remote attackers to cause a denial of service via unknown attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.18, \"Symantec Altiris Deployment Solution 6.9 DoS.\" NOTE: as of 20090909, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36587", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36587" + }, + { + "name": "http://intevydis.com/vd-list.shtml", + "refsource": "MISC", + "url": "http://intevydis.com/vd-list.shtml" + }, + { + "name": "36247", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36247" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3732.json b/2009/3xxx/CVE-2009-3732.json index acd133d9716..d4c1e5d4f1f 100644 --- a/2009/3xxx/CVE-2009-3732.json +++ b/2009/3xxx/CVE-2009-3732.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3732", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in vmware-vmrc.exe build 158248 in VMware Remote Console (aka VMrc) allows remote attackers to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3732", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html" - }, - { - "name" : "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html" - }, - { - "name" : "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", - "refsource" : "MLIST", - "url" : "http://lists.vmware.com/pipermail/security-announce/2010/000090.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2010-0007.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2010-0007.html" - }, - { - "name" : "GLSA-201209-25", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201209-25.xml" - }, - { - "name" : "39110", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39110" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in vmware-vmrc.exe build 158248 in VMware Remote Console (aka VMrc) allows remote attackers to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201209-25", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml" + }, + { + "name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", + "refsource": "MLIST", + "url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html" + }, + { + "name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html" + }, + { + "name": "39110", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39110" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html" + }, + { + "name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3977.json b/2009/3xxx/CVE-2009-3977.json index 3b49c4d3ecc..de446b3d922 100644 --- a/2009/3xxx/CVE-2009-3977.json +++ b/2009/3xxx/CVE-2009-3977.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3977", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in a certain ActiveX control in ActiveDom.ocx in HP OpenView Network Node Manager (OV NNM) 7.53 might allow remote attackers to cause a denial of service (memory corruption) or have unspecified other impact via a long string argument to the (1) DisplayName, (2) AddGroup, (3) InstallComponent, or (4) Subscribe method. NOTE: this issue is not a vulnerability in many environments, because the control is not marked as safe for scripting and would not execute with default Internet Explorer settings." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3977", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091117 CORE-2009-0814: HP Openview NNM 7.53 Invalid DB Error Code vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2009/Nov/199" - }, - { - "name" : "http://www.coresecurity.com/content/openview_nnm_internaldb_dos", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/content/openview_nnm_internaldb_dos" - }, - { - "name" : "openviewnnm-activex-bo(54377)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54377" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in a certain ActiveX control in ActiveDom.ocx in HP OpenView Network Node Manager (OV NNM) 7.53 might allow remote attackers to cause a denial of service (memory corruption) or have unspecified other impact via a long string argument to the (1) DisplayName, (2) AddGroup, (3) InstallComponent, or (4) Subscribe method. NOTE: this issue is not a vulnerability in many environments, because the control is not marked as safe for scripting and would not execute with default Internet Explorer settings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openviewnnm-activex-bo(54377)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54377" + }, + { + "name": "http://www.coresecurity.com/content/openview_nnm_internaldb_dos", + "refsource": "MISC", + "url": "http://www.coresecurity.com/content/openview_nnm_internaldb_dos" + }, + { + "name": "20091117 CORE-2009-0814: HP Openview NNM 7.53 Invalid DB Error Code vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2009/Nov/199" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4614.json b/2009/4xxx/CVE-2009-4614.json index dda141a2fef..fbcddd46282 100644 --- a/2009/4xxx/CVE-2009-4614.json +++ b/2009/4xxx/CVE-2009-4614.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4614", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in Moa Gallery 1.2.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the MOA_PATH parameter to (1) _error_funcs.php, (2) _integrity_funcs.php, (3) _template_component_admin.php, (4) _template_component_gallery.php, (5) _template_parser.php, (6) mod_gallery_funcs.php, (7) mod_image_funcs.php, (8) mod_tag_funcs.php, (9) mod_tag_view.php, (10) mod_upgrade_funcs.php, (11) mod_user_funcs.php, (12) page_admin.php, (13) page_gallery_add.php, (14) page_gallery_view.php, (15) page_image_add.php, (16) page_image_view_full.php, (17) page_login.php, and (18) page_sitemap.php in sources/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4614", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9522", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9522" - }, - { - "name" : "ADV-2009-2430", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2430" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in Moa Gallery 1.2.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the MOA_PATH parameter to (1) _error_funcs.php, (2) _integrity_funcs.php, (3) _template_component_admin.php, (4) _template_component_gallery.php, (5) _template_parser.php, (6) mod_gallery_funcs.php, (7) mod_image_funcs.php, (8) mod_tag_funcs.php, (9) mod_tag_view.php, (10) mod_upgrade_funcs.php, (11) mod_user_funcs.php, (12) page_admin.php, (13) page_gallery_add.php, (14) page_gallery_view.php, (15) page_image_add.php, (16) page_image_view_full.php, (17) page_login.php, and (18) page_sitemap.php in sources/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9522", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9522" + }, + { + "name": "ADV-2009-2430", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2430" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0054.json b/2015/0xxx/CVE-2015-0054.json index 5b8450e41fb..fa8ed1e46ca 100644 --- a/2015/0xxx/CVE-2015-0054.json +++ b/2015/0xxx/CVE-2015-0054.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0054", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka \"Internet Explorer Elevation of Privilege Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-0054", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-009", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-009" - }, - { - "name" : "72478", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72478" - }, - { - "name" : "1031723", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031723" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka \"Internet Explorer Elevation of Privilege Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031723", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031723" + }, + { + "name": "72478", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72478" + }, + { + "name": "MS15-009", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-009" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0699.json b/2015/0xxx/CVE-2015-0699.json index 4b131d745b4..2339a145404 100644 --- a/2015/0xxx/CVE-2015-0699.json +++ b/2015/0xxx/CVE-2015-0699.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0699", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Interactive Voice Response (IVR) component in Cisco Unified Communications Manager (UCM) 10.5(1.98991.13) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut21563." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0699", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150414 Cisco Unified Communications Manager Interactive Voice Response Interface SQL Injection Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=38366" - }, - { - "name" : "1032134", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032134" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Interactive Voice Response (IVR) component in Cisco Unified Communications Manager (UCM) 10.5(1.98991.13) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut21563." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032134", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032134" + }, + { + "name": "20150414 Cisco Unified Communications Manager Interactive Voice Response Interface SQL Injection Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38366" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0889.json b/2015/0xxx/CVE-2015-0889.json index df5a045b1b7..a51bd362d8d 100644 --- a/2015/0xxx/CVE-2015-0889.json +++ b/2015/0xxx/CVE-2015-0889.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0889", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "KENT-WEB Joyful Note before 5.3 allows remote attackers to delete files or write to files, and consequently execute arbitrary code, via vectors involving an article." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2015-0889", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kent-web.com/bbs/joyful.html", - "refsource" : "CONFIRM", - "url" : "http://www.kent-web.com/bbs/joyful.html" - }, - { - "name" : "JVN#88862608", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN88862608/index.html" - }, - { - "name" : "JVNDB-2015-000024", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000024" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "KENT-WEB Joyful Note before 5.3 allows remote attackers to delete files or write to files, and consequently execute arbitrary code, via vectors involving an article." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2015-000024", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000024" + }, + { + "name": "http://www.kent-web.com/bbs/joyful.html", + "refsource": "CONFIRM", + "url": "http://www.kent-web.com/bbs/joyful.html" + }, + { + "name": "JVN#88862608", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN88862608/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1036.json b/2015/1xxx/CVE-2015-1036.json index 616a2287ca0..a7bb30b2588 100644 --- a/2015/1xxx/CVE-2015-1036.json +++ b/2015/1xxx/CVE-2015-1036.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1036", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1036", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1159.json b/2015/1xxx/CVE-2015-1159.json index 9450e4885f5..1fadf91ae79 100644 --- a/2015/1xxx/CVE-2015-1159.json +++ b/2015/1xxx/CVE-2015-1159.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1159", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-1159", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googleprojectzero.blogspot.in/2015/06/owning-internet-printing-case-study-in.html", - "refsource" : "MISC", - "url" : "http://googleprojectzero.blogspot.in/2015/06/owning-internet-printing-case-study-in.html" - }, - { - "name" : "https://code.google.com/p/google-security-research/issues/detail?id=455", - "refsource" : "MISC", - "url" : "https://code.google.com/p/google-security-research/issues/detail?id=455" - }, - { - "name" : "http://www.cups.org/blog.php?L1082", - "refsource" : "CONFIRM", - "url" : "http://www.cups.org/blog.php?L1082" - }, - { - "name" : "https://bugzilla.opensuse.org/show_bug.cgi?id=924208", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.opensuse.org/show_bug.cgi?id=924208" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1221642", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1221642" - }, - { - "name" : "https://www.cups.org/str.php?L4609", - "refsource" : "CONFIRM", - "url" : "https://www.cups.org/str.php?L4609" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10702", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10702" - }, - { - "name" : "DSA-3283", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3283" - }, - { - "name" : "GLSA-201510-07", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201510-07" - }, - { - "name" : "RHSA-2015:1123", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1123.html" - }, - { - "name" : "SUSE-SU-2015:1041", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00003.html" - }, - { - "name" : "SUSE-SU-2015:1044", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00006.html" - }, - { - "name" : "openSUSE-SU-2015:1056", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00010.html" - }, - { - "name" : "USN-2629-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2629-1" - }, - { - "name" : "VU#810572", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/810572" - }, - { - "name" : "75106", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75106" - }, - { - "name" : "1032556", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032556" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3283", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3283" + }, + { + "name": "RHSA-2015:1123", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1123.html" + }, + { + "name": "https://bugzilla.opensuse.org/show_bug.cgi?id=924208", + "refsource": "CONFIRM", + "url": "https://bugzilla.opensuse.org/show_bug.cgi?id=924208" + }, + { + "name": "USN-2629-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2629-1" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10702", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10702" + }, + { + "name": "1032556", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032556" + }, + { + "name": "SUSE-SU-2015:1044", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00006.html" + }, + { + "name": "http://www.cups.org/blog.php?L1082", + "refsource": "CONFIRM", + "url": "http://www.cups.org/blog.php?L1082" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1221642", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1221642" + }, + { + "name": "VU#810572", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/810572" + }, + { + "name": "https://www.cups.org/str.php?L4609", + "refsource": "CONFIRM", + "url": "https://www.cups.org/str.php?L4609" + }, + { + "name": "75106", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75106" + }, + { + "name": "GLSA-201510-07", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201510-07" + }, + { + "name": "https://code.google.com/p/google-security-research/issues/detail?id=455", + "refsource": "MISC", + "url": "https://code.google.com/p/google-security-research/issues/detail?id=455" + }, + { + "name": "SUSE-SU-2015:1041", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00003.html" + }, + { + "name": "http://googleprojectzero.blogspot.in/2015/06/owning-internet-printing-case-study-in.html", + "refsource": "MISC", + "url": "http://googleprojectzero.blogspot.in/2015/06/owning-internet-printing-case-study-in.html" + }, + { + "name": "openSUSE-SU-2015:1056", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00010.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1243.json b/2015/1xxx/CVE-2015-1243.json index 197ec896953..c774bf094b2 100644 --- a/2015/1xxx/CVE-2015-1243.json +++ b/2015/1xxx/CVE-2015-1243.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1243", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the MutationObserver::disconnect function in core/dom/MutationObserver.cpp in the DOM implementation in Blink, as used in Google Chrome before 42.0.2311.135, allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering an attempt to unregister a MutationObserver object that is not currently registered." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2015-1243", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_28.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_28.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=453279", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=453279" - }, - { - "name" : "https://src.chromium.org/viewvc/blink?revision=192655&view=revision", - "refsource" : "CONFIRM", - "url" : "https://src.chromium.org/viewvc/blink?revision=192655&view=revision" - }, - { - "name" : "DSA-3242", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3242" - }, - { - "name" : "GLSA-201506-04", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201506-04" - }, - { - "name" : "RHSA-2015:0921", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0921.html" - }, - { - "name" : "openSUSE-SU-2015:0853", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-05/msg00009.html" - }, - { - "name" : "USN-2582-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2582-1" - }, - { - "name" : "74389", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74389" - }, - { - "name" : "1032234", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032234" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the MutationObserver::disconnect function in core/dom/MutationObserver.cpp in the DOM implementation in Blink, as used in Google Chrome before 42.0.2311.135, allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering an attempt to unregister a MutationObserver object that is not currently registered." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2015:0853", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00009.html" + }, + { + "name": "USN-2582-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2582-1" + }, + { + "name": "1032234", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032234" + }, + { + "name": "https://src.chromium.org/viewvc/blink?revision=192655&view=revision", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/blink?revision=192655&view=revision" + }, + { + "name": "DSA-3242", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3242" + }, + { + "name": "GLSA-201506-04", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201506-04" + }, + { + "name": "RHSA-2015:0921", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0921.html" + }, + { + "name": "74389", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74389" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_28.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_28.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=453279", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=453279" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1252.json b/2015/1xxx/CVE-2015-1252.json index 76d4926a1b2..873530b9c12 100644 --- a/2015/1xxx/CVE-2015-1252.json +++ b/2015/1xxx/CVE-2015-1252.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1252", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "common/partial_circular_buffer.cc in Google Chrome before 43.0.2357.65 does not properly handle wraps, which allows remote attackers to bypass a sandbox protection mechanism or cause a denial of service (out-of-bounds write) via vectors that trigger a write operation with a large amount of data, related to the PartialCircularBuffer::Write and PartialCircularBuffer::DoWrite functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2015-1252", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=474029", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=474029" - }, - { - "name" : "https://codereview.chromium.org/1061053002", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/1061053002" - }, - { - "name" : "DSA-3267", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3267" - }, - { - "name" : "GLSA-201506-04", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201506-04" - }, - { - "name" : "openSUSE-SU-2015:1877", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html" - }, - { - "name" : "openSUSE-SU-2015:0969", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-05/msg00091.html" - }, - { - "name" : "74723", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74723" - }, - { - "name" : "1032375", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032375" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "common/partial_circular_buffer.cc in Google Chrome before 43.0.2357.65 does not properly handle wraps, which allows remote attackers to bypass a sandbox protection mechanism or cause a denial of service (out-of-bounds write) via vectors that trigger a write operation with a large amount of data, related to the PartialCircularBuffer::Write and PartialCircularBuffer::DoWrite functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code.google.com/p/chromium/issues/detail?id=474029", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=474029" + }, + { + "name": "openSUSE-SU-2015:0969", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00091.html" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html" + }, + { + "name": "GLSA-201506-04", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201506-04" + }, + { + "name": "openSUSE-SU-2015:1877", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html" + }, + { + "name": "1032375", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032375" + }, + { + "name": "DSA-3267", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3267" + }, + { + "name": "https://codereview.chromium.org/1061053002", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/1061053002" + }, + { + "name": "74723", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74723" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1472.json b/2015/1xxx/CVE-2015-1472.json index db833528403..bccb61ee0cd 100644 --- a/2015/1xxx/CVE-2015-1472.json +++ b/2015/1xxx/CVE-2015-1472.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1472", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long line containing wide characters that are improperly handled in a wscanf call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1472", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[libc-alpha] 20150206 The GNU C Library version 2.21 is now available", - "refsource" : "MLIST", - "url" : "https://sourceware.org/ml/libc-alpha/2015-02/msg00119.html" - }, - { - "name" : "[oss-security] 20150203 Re: CVE request: heap buffer overflow in glibc swscanf", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2015/02/04/1" - }, - { - "name" : "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06", - "refsource" : "CONFIRM", - "url" : "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name" : "GLSA-201602-02", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201602-02" - }, - { - "name" : "USN-2519-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2519-1" - }, - { - "name" : "72428", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72428" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long line containing wide characters that are improperly handled in a wscanf call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + }, + { + "name": "GLSA-201602-02", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201602-02" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" + }, + { + "name": "USN-2519-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2519-1" + }, + { + "name": "72428", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72428" + }, + { + "name": "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06", + "refsource": "CONFIRM", + "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06" + }, + { + "name": "[libc-alpha] 20150206 The GNU C Library version 2.21 is now available", + "refsource": "MLIST", + "url": "https://sourceware.org/ml/libc-alpha/2015-02/msg00119.html" + }, + { + "name": "[oss-security] 20150203 Re: CVE request: heap buffer overflow in glibc swscanf", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2015/02/04/1" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1871.json b/2015/1xxx/CVE-2015-1871.json index d11af07acb6..311039b4971 100644 --- a/2015/1xxx/CVE-2015-1871.json +++ b/2015/1xxx/CVE-2015-1871.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1871", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1871", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4189.json b/2015/4xxx/CVE-2015-4189.json index acd56ab3510..0862c7efdce 100644 --- a/2015/4xxx/CVE-2015-4189.json +++ b/2015/4xxx/CVE-2015-4189.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4189", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in Cisco Data Center Analytics Framework (DCAF) 1.4 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun26807." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-4189", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150622 Cisco Data Center Analytics Framework Cross-Site Request Forgery Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=39377" - }, - { - "name" : "75349", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75349" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in Cisco Data Center Analytics Framework (DCAF) 1.4 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun26807." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150622 Cisco Data Center Analytics Framework Cross-Site Request Forgery Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39377" + }, + { + "name": "75349", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75349" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8070.json b/2015/8xxx/CVE-2015-8070.json index 16e49a41579..4c1f5fb23d6 100644 --- a/2015/8xxx/CVE-2015-8070.json +++ b/2015/8xxx/CVE-2015-8070.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8070", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-8070", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html" - }, - { - "name" : "GLSA-201601-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201601-03" - }, - { - "name" : "SUSE-SU-2015:2236", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00007.html" - }, - { - "name" : "SUSE-SU-2015:2247", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00012.html" - }, - { - "name" : "openSUSE-SU-2015:2239", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00008.html" - }, - { - "name" : "78715", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/78715" - }, - { - "name" : "1034318", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034318" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2015:2239", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00008.html" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html" + }, + { + "name": "78715", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/78715" + }, + { + "name": "SUSE-SU-2015:2236", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00007.html" + }, + { + "name": "SUSE-SU-2015:2247", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00012.html" + }, + { + "name": "1034318", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034318" + }, + { + "name": "GLSA-201601-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201601-03" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8358.json b/2015/8xxx/CVE-2015-8358.json index 79d8702a1de..ec065f51f3b 100644 --- a/2015/8xxx/CVE-2015-8358.json +++ b/2015/8xxx/CVE-2015-8358.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8358", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the bitrix.mpbuilder module before 1.0.12 for Bitrix allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the element name of the \"work\" array parameter to admin/bitrix.mpbuilder_step2.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8358", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20151209 PHP File Inclusion in bitrix.mpbuilder Bitrix Module", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/537067/100/0/threaded" - }, - { - "name" : "38975", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/38975/" - }, - { - "name" : "http://packetstormsecurity.com/files/134766/bitrix.mpbuilder-Bitrix-1.0.10-Local-File-Inclusion.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/134766/bitrix.mpbuilder-Bitrix-1.0.10-Local-File-Inclusion.html" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23281", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23281" - }, - { - "name" : "https://marketplace.1c-bitrix.ru/solutions/bitrix.mpbuilder/#tab-log-link", - "refsource" : "CONFIRM", - "url" : "https://marketplace.1c-bitrix.ru/solutions/bitrix.mpbuilder/#tab-log-link" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the bitrix.mpbuilder module before 1.0.12 for Bitrix allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the element name of the \"work\" array parameter to admin/bitrix.mpbuilder_step2.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.htbridge.com/advisory/HTB23281", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23281" + }, + { + "name": "http://packetstormsecurity.com/files/134766/bitrix.mpbuilder-Bitrix-1.0.10-Local-File-Inclusion.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/134766/bitrix.mpbuilder-Bitrix-1.0.10-Local-File-Inclusion.html" + }, + { + "name": "https://marketplace.1c-bitrix.ru/solutions/bitrix.mpbuilder/#tab-log-link", + "refsource": "CONFIRM", + "url": "https://marketplace.1c-bitrix.ru/solutions/bitrix.mpbuilder/#tab-log-link" + }, + { + "name": "38975", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/38975/" + }, + { + "name": "20151209 PHP File Inclusion in bitrix.mpbuilder Bitrix Module", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/537067/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2015/9xxx/CVE-2015-9255.json b/2015/9xxx/CVE-2015-9255.json index a84c799304e..dedf1741c1d 100644 --- a/2015/9xxx/CVE-2015-9255.json +++ b/2015/9xxx/CVE-2015-9255.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-9255", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information about data, software versions, configuration, and virtual machines via a request to a Web Virtual Directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-9255", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.information-paradox.net/2015/02/cve-2015-2081-multiple-vulnerabilities.html", - "refsource" : "MISC", - "url" : "http://www.information-paradox.net/2015/02/cve-2015-2081-multiple-vulnerabilities.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information about data, software versions, configuration, and virtual machines via a request to a Web Virtual Directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.information-paradox.net/2015/02/cve-2015-2081-multiple-vulnerabilities.html", + "refsource": "MISC", + "url": "http://www.information-paradox.net/2015/02/cve-2015-2081-multiple-vulnerabilities.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/1999xxx/CVE-2018-1999016.json b/2018/1999xxx/CVE-2018-1999016.json index 3bd5f8dc128..7f32b03236c 100644 --- a/2018/1999xxx/CVE-2018-1999016.json +++ b/2018/1999xxx/CVE-2018-1999016.json @@ -1,70 +1,70 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-07-20T20:44:32.982375", - "DATE_REQUESTED" : "2018-07-17T03:36:20", - "ID" : "CVE-2018-1999016", - "REQUESTER" : "mike.gualtieri@gmail.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Pydio", - "version" : { - "version_data" : [ - { - "version_value" : "8.2.0 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Pydio" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Pydio version 8.2.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in ./core/vendor/meenie/javascript-packer/example-inline.php line 48; ./core/vendor/dapphp/securimage/examples/test.mysql.static.php lines: 114,118 that can result in an unauthenticated remote attacker manipulating the web client via XSS code injection. This attack appear to be exploitable via the victim openning a specially crafted URL. This vulnerability appears to have been fixed in version 8.2.1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-07-20T20:44:32.982375", + "DATE_REQUESTED": "2018-07-17T03:36:20", + "ID": "CVE-2018-1999016", + "REQUESTER": "mike.gualtieri@gmail.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.mike-gualtieri.com/files/Pydio-8-VulnerabilityDisclosure-Jul18.txt", - "refsource" : "MISC", - "url" : "https://www.mike-gualtieri.com/files/Pydio-8-VulnerabilityDisclosure-Jul18.txt" - }, - { - "name" : "https://pydio.com/en/community/releases/pydio-core/pydio-821-security-release", - "refsource" : "CONFIRM", - "url" : "https://pydio.com/en/community/releases/pydio-core/pydio-821-security-release" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Pydio version 8.2.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in ./core/vendor/meenie/javascript-packer/example-inline.php line 48; ./core/vendor/dapphp/securimage/examples/test.mysql.static.php lines: 114,118 that can result in an unauthenticated remote attacker manipulating the web client via XSS code injection. This attack appear to be exploitable via the victim openning a specially crafted URL. This vulnerability appears to have been fixed in version 8.2.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.mike-gualtieri.com/files/Pydio-8-VulnerabilityDisclosure-Jul18.txt", + "refsource": "MISC", + "url": "https://www.mike-gualtieri.com/files/Pydio-8-VulnerabilityDisclosure-Jul18.txt" + }, + { + "name": "https://pydio.com/en/community/releases/pydio-core/pydio-821-security-release", + "refsource": "CONFIRM", + "url": "https://pydio.com/en/community/releases/pydio-core/pydio-821-security-release" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2062.json b/2018/2xxx/CVE-2018-2062.json index e867a3292e1..6ee563d21f5 100644 --- a/2018/2xxx/CVE-2018-2062.json +++ b/2018/2xxx/CVE-2018-2062.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2062", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2062", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2215.json b/2018/2xxx/CVE-2018-2215.json index 85aa5eee63e..2f9068c3455 100644 --- a/2018/2xxx/CVE-2018-2215.json +++ b/2018/2xxx/CVE-2018-2215.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2215", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2215", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2292.json b/2018/2xxx/CVE-2018-2292.json index ba12f0db4cf..61d3e679ab8 100644 --- a/2018/2xxx/CVE-2018-2292.json +++ b/2018/2xxx/CVE-2018-2292.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2292", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2292", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2859.json b/2018/2xxx/CVE-2018-2859.json index ad9f2d76831..88ef03f7a8b 100644 --- a/2018/2xxx/CVE-2018-2859.json +++ b/2018/2xxx/CVE-2018-2859.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2859", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Financial Services Basel Regulatory Capital Internal Ratings Based Approach", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.0.x" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach component of Oracle Financial Services Applications (subcomponent: Portfolio, Attribution). The supported version that is affected is 8.0.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach accessible data as well as unauthorized read access to a subset of Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach accessible data as well as unauthorized read access to a subset of Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2859", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Financial Services Basel Regulatory Capital Internal Ratings Based Approach", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.0.x" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" - }, - { - "name" : "103827", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103827" - }, - { - "name" : "1040693", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040693" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach component of Oracle Financial Services Applications (subcomponent: Portfolio, Attribution). The supported version that is affected is 8.0.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach accessible data as well as unauthorized read access to a subset of Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach accessible data as well as unauthorized read access to a subset of Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103827", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103827" + }, + { + "name": "1040693", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040693" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3984.json b/2018/3xxx/CVE-2018-3984.json index 6e4ca9c8dad..8ca2a26dccc 100644 --- a/2018/3xxx/CVE-2018-3984.json +++ b/2018/3xxx/CVE-2018-3984.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-10-01T00:00:00", - "ID" : "CVE-2018-3984", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Atlantis Word Processor", - "version" : { - "version_data" : [ - { - "version_value" : "3.0.2.3, 3.0.2.5" - } - ] - } - } - ] - }, - "vendor_name" : "The Atlantis Word Processor Team" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable uninitialized length vulnerability exists within the Word document-parser of the Atlantis Word Processor 3.0.2.3 and 3.0.2.5. A specially crafted document can cause Atlantis to skip initializing a value representing the number of columns of a table. Later, the application will use this as a length within a loop that will write to a pointer on the heap. Due to this value being controlled, a buffer overflow will occur, which can lead to code execution under the context of the application. An attacker must convince a victim to open a document in order to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "heap-based buffer overflow" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-10-01T00:00:00", + "ID": "CVE-2018-3984", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Atlantis Word Processor", + "version": { + "version_data": [ + { + "version_value": "3.0.2.3, 3.0.2.5" + } + ] + } + } + ] + }, + "vendor_name": "The Atlantis Word Processor Team" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0652", - "refsource" : "MISC", - "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0652" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable uninitialized length vulnerability exists within the Word document-parser of the Atlantis Word Processor 3.0.2.3 and 3.0.2.5. A specially crafted document can cause Atlantis to skip initializing a value representing the number of columns of a table. Later, the application will use this as a length within a loop that will write to a pointer on the heap. Due to this value being controlled, a buffer overflow will occur, which can lead to code execution under the context of the application. An attacker must convince a victim to open a document in order to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "heap-based buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0652", + "refsource": "MISC", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0652" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6618.json b/2018/6xxx/CVE-2018-6618.json index 5ccbd30830a..199055316b2 100644 --- a/2018/6xxx/CVE-2018-6618.json +++ b/2018/6xxx/CVE-2018-6618.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6618", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Easy Hosting Control Panel (EHCP) v0.37.12.b allows attackers to obtain sensitive information by leveraging cleartext password storage." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6618", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://hyp3rlinx.altervista.org/advisories/EHCP-v0.37.12.b-CLEARTEXT-PASSWORD-STORAGE.txt", - "refsource" : "MISC", - "url" : "http://hyp3rlinx.altervista.org/advisories/EHCP-v0.37.12.b-CLEARTEXT-PASSWORD-STORAGE.txt" - }, - { - "name" : "http://packetstormsecurity.com/files/147557/Easy-Hosting-Control-Panel-0.37.12.b-Clear-Text-Password-Storage.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/147557/Easy-Hosting-Control-Panel-0.37.12.b-Clear-Text-Password-Storage.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Easy Hosting Control Panel (EHCP) v0.37.12.b allows attackers to obtain sensitive information by leveraging cleartext password storage." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://hyp3rlinx.altervista.org/advisories/EHCP-v0.37.12.b-CLEARTEXT-PASSWORD-STORAGE.txt", + "refsource": "MISC", + "url": "http://hyp3rlinx.altervista.org/advisories/EHCP-v0.37.12.b-CLEARTEXT-PASSWORD-STORAGE.txt" + }, + { + "name": "http://packetstormsecurity.com/files/147557/Easy-Hosting-Control-Panel-0.37.12.b-Clear-Text-Password-Storage.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/147557/Easy-Hosting-Control-Panel-0.37.12.b-Clear-Text-Password-Storage.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6695.json b/2018/6xxx/CVE-2018-6695.json index eb0648c8541..ff2e60eb4c7 100644 --- a/2018/6xxx/CVE-2018-6695.json +++ b/2018/6xxx/CVE-2018-6695.json @@ -1,98 +1,98 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@mcafee.com", - "ID" : "CVE-2018-6695", - "STATE" : "PUBLIC", - "TITLE" : " Threat Intelligence Exchange Server (TIE Server) SSH host keys generation vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Threat Intelligence Exchange Server (TIE Server) ", - "version" : { - "version_data" : [ - { - "affected" : "=", - "platform" : "x86", - "version_name" : "1.3.0", - "version_value" : "1.3.0" - }, - { - "affected" : ">=", - "platform" : "x86", - "version_name" : "2.0.0", - "version_value" : "2.0.0" - }, - { - "affected" : "!>=", - "platform" : "x86", - "version_name" : "2.3.0", - "version_value" : "2.3.0" - } - ] - } - } - ] - }, - "vendor_name" : "McAfee" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SSH host keys generation vulnerability in the server in McAfee Threat Intelligence Exchange Server (TIE Server) 1.3.0, 2.0.x, 2.1.x, 2.2.0 allows man-in-the-middle attackers to spoof servers via acquiring keys from another environment." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "HIGH", - "attackVector" : "ADJACENT_NETWORK", - "availabilityImpact" : "NONE", - "baseScore" : 6.1, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "HIGH", - "privilegesRequired" : "LOW", - "scope" : "UNCHANGED", - "userInteraction" : "REQUIRED", - "vectorString" : "CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "SSH host keys generation vulnerability \n" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@mcafee.com", + "ID": "CVE-2018-6695", + "STATE": "PUBLIC", + "TITLE": " Threat Intelligence Exchange Server (TIE Server) SSH host keys generation vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Threat Intelligence Exchange Server (TIE Server) ", + "version": { + "version_data": [ + { + "affected": "=", + "platform": "x86", + "version_name": "1.3.0", + "version_value": "1.3.0" + }, + { + "affected": ">=", + "platform": "x86", + "version_name": "2.0.0", + "version_value": "2.0.0" + }, + { + "affected": "!>=", + "platform": "x86", + "version_name": "2.3.0", + "version_value": "2.3.0" + } + ] + } + } + ] + }, + "vendor_name": "McAfee" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10253", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10253" - } - ] - }, - "source" : { - "advisory" : "SB10253", - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SSH host keys generation vulnerability in the server in McAfee Threat Intelligence Exchange Server (TIE Server) 1.3.0, 2.0.x, 2.1.x, 2.2.0 allows man-in-the-middle attackers to spoof servers via acquiring keys from another environment." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SSH host keys generation vulnerability \n" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10253", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10253" + } + ] + }, + "source": { + "advisory": "SB10253", + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6701.json b/2018/6xxx/CVE-2018-6701.json index b1e991f40f0..6f6281db2fd 100644 --- a/2018/6xxx/CVE-2018-6701.json +++ b/2018/6xxx/CVE-2018-6701.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6701", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6701", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6739.json b/2018/6xxx/CVE-2018-6739.json index 2adc2a878e3..f1e44e2f93f 100644 --- a/2018/6xxx/CVE-2018-6739.json +++ b/2018/6xxx/CVE-2018-6739.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6739", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6739", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7236.json b/2018/7xxx/CVE-2018-7236.json index 9997840bf39..0845379f974 100644 --- a/2018/7xxx/CVE-2018-7236.json +++ b/2018/7xxx/CVE-2018-7236.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cybersecurity@se.com", - "DATE_PUBLIC" : "2018-03-01T00:00:00", - "ID" : "CVE-2018-7236", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Pelco Sarix Professional", - "version" : { - "version_data" : [ - { - "version_value" : "all firmware versions prior to 3.29.76" - } - ] - } - } - ] - }, - "vendor_name" : "Schneider Electric SE" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could enable SSH service due to lack of authentication for /login/bin/set_param could enable SSH service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Authentication Bypass" - } + "CVE_data_meta": { + "ASSIGNER": "cybersecurity@schneider-electric.com", + "DATE_PUBLIC": "2018-03-01T00:00:00", + "ID": "CVE-2018-7236", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Pelco Sarix Professional", + "version": { + "version_data": [ + { + "version_value": "all firmware versions prior to 3.29.76" + } + ] + } + } + ] + }, + "vendor_name": "Schneider Electric SE" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-058-01/", - "refsource" : "CONFIRM", - "url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-058-01/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could enable SSH service due to lack of authentication for /login/bin/set_param could enable SSH service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Authentication Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-058-01/", + "refsource": "CONFIRM", + "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-058-01/" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7594.json b/2018/7xxx/CVE-2018-7594.json index 55969d73bed..b82e3729fe8 100644 --- a/2018/7xxx/CVE-2018-7594.json +++ b/2018/7xxx/CVE-2018-7594.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7594", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7594", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7896.json b/2018/7xxx/CVE-2018-7896.json index ab043c84660..f6efd2195fe 100644 --- a/2018/7xxx/CVE-2018-7896.json +++ b/2018/7xxx/CVE-2018-7896.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7896", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7896", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5195.json b/2019/5xxx/CVE-2019-5195.json index 1a9c683d0ac..3d3a74061e1 100644 --- a/2019/5xxx/CVE-2019-5195.json +++ b/2019/5xxx/CVE-2019-5195.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5195", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5195", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5292.json b/2019/5xxx/CVE-2019-5292.json index eaed8edabca..3367563579f 100644 --- a/2019/5xxx/CVE-2019-5292.json +++ b/2019/5xxx/CVE-2019-5292.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5292", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5292", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5825.json b/2019/5xxx/CVE-2019-5825.json index a6387175ce4..54e410ed08c 100644 --- a/2019/5xxx/CVE-2019-5825.json +++ b/2019/5xxx/CVE-2019-5825.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5825", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5825", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file