diff --git a/1999/0xxx/CVE-1999-0212.json b/1999/0xxx/CVE-1999-0212.json index 387d0291a85..22c4a88fe76 100644 --- a/1999/0xxx/CVE-1999-0212.json +++ b/1999/0xxx/CVE-1999-0212.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0212", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Solaris rpc.mountd generates error messages that allow a remote attacker to determine what files are on the server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0212", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "00168", - "refsource" : "SUN", - "url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/168" - }, - { - "name" : "I-048", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/i-048.shtml" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Solaris rpc.mountd generates error messages that allow a remote attacker to determine what files are on the server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "00168", + "refsource": "SUN", + "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/168" + }, + { + "name": "I-048", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/i-048.shtml" + } + ] + } +} \ No newline at end of file diff --git a/1999/0xxx/CVE-1999-0735.json b/1999/0xxx/CVE-1999-0735.json index df1ba0f2ca5..d802ef95559 100644 --- a/1999/0xxx/CVE-1999-0735.json +++ b/1999/0xxx/CVE-1999-0735.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0735", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "KDE K-Mail allows local users to gain privileges via a symlink attack in temporary user directories." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0735", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "RHSA-1999:015-01", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA1999015_01.html" - }, - { - "name" : "300", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/300" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "KDE K-Mail allows local users to gain privileges via a symlink attack in temporary user directories." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-1999:015-01", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA1999015_01.html" + }, + { + "name": "300", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/300" + } + ] + } +} \ No newline at end of file diff --git a/2000/1xxx/CVE-2000-1053.json b/2000/1xxx/CVE-2000-1053.json index 8969189fdab..9178ad692cf 100644 --- a/2000/1xxx/CVE-2000-1053.json +++ b/2000/1xxx/CVE-2000-1053.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-1053", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Allaire JRun 2.3.3 server allows remote attackers to compile and execute JSP code by inserting it via a cross-site scripting (CSS) attack and directly calling the com.livesoftware.jrun.plugins.JSP JSP servlet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-1053", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001023 Allaire JRUN 2.3 Remote command execution", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=97236125107957&w=2" - }, - { - "name" : "ASB00-029", - "refsource" : "ALLAIRE", - "url" : "http://www.allaire.com/handlers/index.cfm?ID=17969&Method=Full" - }, - { - "name" : "allaire-jrun-jsp-execute(5406)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5406" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Allaire JRun 2.3.3 server allows remote attackers to compile and execute JSP code by inserting it via a cross-site scripting (CSS) attack and directly calling the com.livesoftware.jrun.plugins.JSP JSP servlet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ASB00-029", + "refsource": "ALLAIRE", + "url": "http://www.allaire.com/handlers/index.cfm?ID=17969&Method=Full" + }, + { + "name": "20001023 Allaire JRUN 2.3 Remote command execution", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=97236125107957&w=2" + }, + { + "name": "allaire-jrun-jsp-execute(5406)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5406" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2376.json b/2005/2xxx/CVE-2005-2376.json index 0dd2867c968..712b05805f6 100644 --- a/2005/2xxx/CVE-2005-2376.json +++ b/2005/2xxx/CVE-2005-2376.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2376", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Race Driver 1.20 and earlier allows remote attackers to cause a denial of service (application crash) via a long (1) nickname or (2) chat message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2376", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050718 Broadcast format string and buffer-overflow in Race Driver 1.20", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112171364923678&w=2" - }, - { - "name" : "http://aluigi.altervista.org/adv/rdrum-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/rdrum-adv.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Race Driver 1.20 and earlier allows remote attackers to cause a denial of service (application crash) via a long (1) nickname or (2) chat message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://aluigi.altervista.org/adv/rdrum-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/rdrum-adv.txt" + }, + { + "name": "20050718 Broadcast format string and buffer-overflow in Race Driver 1.20", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112171364923678&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2387.json b/2005/2xxx/CVE-2005-2387.json index 03401d7c383..aafc84515b7 100644 --- a/2005/2xxx/CVE-2005-2387.json +++ b/2005/2xxx/CVE-2005-2387.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2387", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in GoodTech SMTP server 5.16 allow remote attackers to execute arbitrary code via (1) a RCPT TO command with a long DNS name, or (2) a large number of RCPT TO commands with a long e-mail name arugment in the last command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2387", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050723 GoodTech SMTP server 5.16 RCPT TO command remote buffer overflow", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/lists/bugtraq/2005/Jul/0402.html" - }, - { - "name" : "14357", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14357" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in GoodTech SMTP server 5.16 allow remote attackers to execute arbitrary code via (1) a RCPT TO command with a long DNS name, or (2) a large number of RCPT TO commands with a long e-mail name arugment in the last command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050723 GoodTech SMTP server 5.16 RCPT TO command remote buffer overflow", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/lists/bugtraq/2005/Jul/0402.html" + }, + { + "name": "14357", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14357" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2719.json b/2005/2xxx/CVE-2005-2719.json index da17d85ae95..8eb195b3310 100644 --- a/2005/2xxx/CVE-2005-2719.json +++ b/2005/2xxx/CVE-2005-2719.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2719", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Ventrilo 2.1.2 through 2.3.0 allows remote attackers to cause a denial of service (application crash) via a status packet that contains less data than specified in the packet header sent to UDP port 3784." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2719", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050823 Server crash in Ventrilo 2.3.0", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112483407515020&w=2" - }, - { - "name" : "20050823 Server crash in Ventrilo 2.3.0", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-August/036407.html" - }, - { - "name" : "14644", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14644" - }, - { - "name" : "1014784", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014784" - }, - { - "name" : "16551", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16551/" - }, - { - "name" : "ventrilo-status-dos(21996)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21996" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ventrilo 2.1.2 through 2.3.0 allows remote attackers to cause a denial of service (application crash) via a status packet that contains less data than specified in the packet header sent to UDP port 3784." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ventrilo-status-dos(21996)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21996" + }, + { + "name": "14644", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14644" + }, + { + "name": "20050823 Server crash in Ventrilo 2.3.0", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-August/036407.html" + }, + { + "name": "1014784", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014784" + }, + { + "name": "16551", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16551/" + }, + { + "name": "20050823 Server crash in Ventrilo 2.3.0", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112483407515020&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3211.json b/2005/3xxx/CVE-2005-3211.json index 1a88ecabfe8..5dbf4c32e12 100644 --- a/2005/3xxx/CVE-2005-3211.json +++ b/2005/3xxx/CVE-2005-3211.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3211", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple interpretation error in unspecified versions of BitDefender Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3211", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051007 Antivirus detection bypass by special crafted archive.", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112879611919750&w=2" - }, - { - "name" : "http://shadock.net/secubox/AVCraftedArchive.html", - "refsource" : "MISC", - "url" : "http://shadock.net/secubox/AVCraftedArchive.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple interpretation error in unspecified versions of BitDefender Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://shadock.net/secubox/AVCraftedArchive.html", + "refsource": "MISC", + "url": "http://shadock.net/secubox/AVCraftedArchive.html" + }, + { + "name": "20051007 Antivirus detection bypass by special crafted archive.", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112879611919750&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3363.json b/2005/3xxx/CVE-2005-3363.json index 7478d47fd84..b90ac4e3770 100644 --- a/2005/3xxx/CVE-2005-3363.json +++ b/2005/3xxx/CVE-2005-3363.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3363", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Saphp Lesson, possibly saphp Lesson1.1 and saphpLesson2.0, allows remote attackers to execute arbitrary SQL commands via the forumid parameter in (1) showcat.php and (2) add.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3363", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051024 SQL saphp Lesson", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=113018965520240&w=2" - }, - { - "name" : "20060711 saphp \"add.php\" forumid Parameter SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440120/100/0/threaded" - }, - { - "name" : "20060412 SaphpLesson 2.0 (forumid) Remote SQL Injection Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/430906/30/5610/threaded" - }, - { - "name" : "20070704 SQL Injection in saphp \"showcat.php\"", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/472799/100/0/threaded" - }, - { - "name" : "1530", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1530" - }, - { - "name" : "20051029 Saphp Lesson", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2005-October/000313.html" - }, - { - "name" : "15185", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15185" - }, - { - "name" : "20289", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20289" - }, - { - "name" : "20290", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20290" - }, - { - "name" : "17308", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17308/" - }, - { - "name" : "111", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/111" - }, - { - "name" : "saphplesson-multiple-sql-injection(22861)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22861" - }, - { - "name" : "saphp-add-sql-injection(27746)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27746" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Saphp Lesson, possibly saphp Lesson1.1 and saphpLesson2.0, allows remote attackers to execute arbitrary SQL commands via the forumid parameter in (1) showcat.php and (2) add.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17308", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17308/" + }, + { + "name": "111", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/111" + }, + { + "name": "20060412 SaphpLesson 2.0 (forumid) Remote SQL Injection Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/430906/30/5610/threaded" + }, + { + "name": "saphplesson-multiple-sql-injection(22861)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22861" + }, + { + "name": "15185", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15185" + }, + { + "name": "1530", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1530" + }, + { + "name": "20060711 saphp \"add.php\" forumid Parameter SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440120/100/0/threaded" + }, + { + "name": "20070704 SQL Injection in saphp \"showcat.php\"", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/472799/100/0/threaded" + }, + { + "name": "saphp-add-sql-injection(27746)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27746" + }, + { + "name": "20290", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20290" + }, + { + "name": "20051024 SQL saphp Lesson", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=113018965520240&w=2" + }, + { + "name": "20051029 Saphp Lesson", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2005-October/000313.html" + }, + { + "name": "20289", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20289" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3410.json b/2005/3xxx/CVE-2005-3410.json index 795ce230bac..61341714bc0 100644 --- a/2005/3xxx/CVE-2005-3410.json +++ b/2005/3xxx/CVE-2005-3410.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3410", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3410", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3653.json b/2005/3xxx/CVE-2005-3653.json index 81cdc50b781..ef86b5a9e08 100644 --- a/2005/3xxx/CVE-2005-3653.json +++ b/2005/3xxx/CVE-2005-3653.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3653", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3653", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060123 Computer Associates iTechnology iGateway Service Content-Length Buffer Overflow", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376" - }, - { - "name" : "20060123 CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/423403/100/0/threaded" - }, - { - "name" : "20060123 CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=113803349715927&w=2" - }, - { - "name" : "20060127 CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability [v1.1]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/423288/100/0/threaded" - }, - { - "name" : "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778", - "refsource" : "CONFIRM", - "url" : "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778" - }, - { - "name" : "http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_notice.asp", - "refsource" : "CONFIRM", - "url" : "http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_notice.asp" - }, - { - "name" : "16354", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16354" - }, - { - "name" : "ADV-2006-0311", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0311" - }, - { - "name" : "22688", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22688" - }, - { - "name" : "1015526", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015526" - }, - { - "name" : "18591", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18591" - }, - { - "name" : "380", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/380" - }, - { - "name" : "ca-igateway-contentlength-bo(24269)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24269" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1015526", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015526" + }, + { + "name": "20060123 CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=113803349715927&w=2" + }, + { + "name": "22688", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22688" + }, + { + "name": "18591", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18591" + }, + { + "name": "16354", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16354" + }, + { + "name": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778", + "refsource": "CONFIRM", + "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778" + }, + { + "name": "380", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/380" + }, + { + "name": "ca-igateway-contentlength-bo(24269)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24269" + }, + { + "name": "ADV-2006-0311", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0311" + }, + { + "name": "20060127 CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability [v1.1]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/423288/100/0/threaded" + }, + { + "name": "20060123 Computer Associates iTechnology iGateway Service Content-Length Buffer Overflow", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376" + }, + { + "name": "20060123 CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/423403/100/0/threaded" + }, + { + "name": "http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_notice.asp", + "refsource": "CONFIRM", + "url": "http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_notice.asp" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3738.json b/2005/3xxx/CVE-2005-3738.json index 31bf48a9abc..2d0ff8e0a3a 100644 --- a/2005/3xxx/CVE-2005-3738.json +++ b/2005/3xxx/CVE-2005-3738.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3738", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "globals.php in Mambo Site Server 4.0.14 and earlier, when register_globals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the mosConfig_absolute_path parameter to content.html.php for remote PHP file inclusion." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3738", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051116 mambo remote code sexecution", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0520.html" - }, - { - "name" : "20051118 Mambo 0day Exploit out in the wild - mambo/skype hacked", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/417215" - }, - { - "name" : "http://forum.mamboserver.com/showthread.php?t=66154", - "refsource" : "CONFIRM", - "url" : "http://forum.mamboserver.com/showthread.php?t=66154" - }, - { - "name" : "20060307 PHP-based CMS mass-exploitation", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/426942/100/0/threaded" - }, - { - "name" : "20060308 RE: [Full-disclosure] PHP-based CMS mass-exploitation", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/427196/100/0/threaded" - }, - { - "name" : "15461", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15461" - }, - { - "name" : "ADV-2005-2473", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2473" - }, - { - "name" : "1015258", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015258" - }, - { - "name" : "17622", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17622" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "globals.php in Mambo Site Server 4.0.14 and earlier, when register_globals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the mosConfig_absolute_path parameter to content.html.php for remote PHP file inclusion." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060307 PHP-based CMS mass-exploitation", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/426942/100/0/threaded" + }, + { + "name": "15461", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15461" + }, + { + "name": "17622", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17622" + }, + { + "name": "http://forum.mamboserver.com/showthread.php?t=66154", + "refsource": "CONFIRM", + "url": "http://forum.mamboserver.com/showthread.php?t=66154" + }, + { + "name": "1015258", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015258" + }, + { + "name": "20051116 mambo remote code sexecution", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0520.html" + }, + { + "name": "20060308 RE: [Full-disclosure] PHP-based CMS mass-exploitation", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/427196/100/0/threaded" + }, + { + "name": "20051118 Mambo 0day Exploit out in the wild - mambo/skype hacked", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/417215" + }, + { + "name": "ADV-2005-2473", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2473" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5035.json b/2007/5xxx/CVE-2007-5035.json index c0adbcab804..607b57324d5 100644 --- a/2007/5xxx/CVE-2007-5035.json +++ b/2007/5xxx/CVE-2007-5035.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5035", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** PHP remote file inclusion vulnerability in html/modules/extranet_profile/main.php in openEngine 1.9 beta1 allows remote attackers to execute arbitrary PHP code via a URL in the this_module_path parameter. NOTE: this issue is disputed by CVE because PHP encounters a fatal function-call error on a direct request for the file, before reaching the include statement." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5035", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://arfis.wordpress.com/2007/09/14/rfi-03-openengine/", - "refsource" : "MISC", - "url" : "http://arfis.wordpress.com/2007/09/14/rfi-03-openengine/" - }, - { - "name" : "25716", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25716" - }, - { - "name" : "38727", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38727" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** PHP remote file inclusion vulnerability in html/modules/extranet_profile/main.php in openEngine 1.9 beta1 allows remote attackers to execute arbitrary PHP code via a URL in the this_module_path parameter. NOTE: this issue is disputed by CVE because PHP encounters a fatal function-call error on a direct request for the file, before reaching the include statement." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://arfis.wordpress.com/2007/09/14/rfi-03-openengine/", + "refsource": "MISC", + "url": "http://arfis.wordpress.com/2007/09/14/rfi-03-openengine/" + }, + { + "name": "38727", + "refsource": "OSVDB", + "url": "http://osvdb.org/38727" + }, + { + "name": "25716", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25716" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5496.json b/2007/5xxx/CVE-2007-5496.json index bf80f658d64..8ac021810eb 100644 --- a/2007/5xxx/CVE-2007-5496.json +++ b/2007/5xxx/CVE-2007-5496.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5496", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in setroubleshoot 2.0.5 allows local users to inject arbitrary web script or HTML via a crafted (1) file or (2) process name, which triggers an Access Vector Cache (AVC) log entry in a log file used during composition of HTML documents for sealert." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2007-5496", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=288271", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=288271" - }, - { - "name" : "RHSA-2008:0061", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0061.html" - }, - { - "name" : "29324", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29324" - }, - { - "name" : "oval:org.mitre.oval:def:10455", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10455" - }, - { - "name" : "1020078", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1020078" - }, - { - "name" : "30339", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30339" - }, - { - "name" : "setroubleshoot-sealert-avc-xss(42592)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42592" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in setroubleshoot 2.0.5 allows local users to inject arbitrary web script or HTML via a crafted (1) file or (2) process name, which triggers an Access Vector Cache (AVC) log entry in a log file used during composition of HTML documents for sealert." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1020078", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1020078" + }, + { + "name": "29324", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29324" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=288271", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=288271" + }, + { + "name": "setroubleshoot-sealert-avc-xss(42592)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42592" + }, + { + "name": "30339", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30339" + }, + { + "name": "oval:org.mitre.oval:def:10455", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10455" + }, + { + "name": "RHSA-2008:0061", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0061.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2572.json b/2009/2xxx/CVE-2009-2572.json index e3e248eafe0..3e3993dcf7b 100644 --- a/2009/2xxx/CVE-2009-2572.json +++ b/2009/2xxx/CVE-2009-2572.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2572", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the Fivestar module 5.x-1.x before 5.x-1.14 and 6.x-1.x before 6.x-1.14, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users for requests that cast votes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2572", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/449026", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/449026" - }, - { - "name" : "http://drupal.org/node/449028", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/449028" - }, - { - "name" : "http://drupal.org/node/449042", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/449042" - }, - { - "name" : "54154", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54154" - }, - { - "name" : "34956", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34956" - }, - { - "name" : "ADV-2009-1215", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1215" - }, - { - "name" : "fivestar-unspecified-csrf(50245)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50245" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the Fivestar module 5.x-1.x before 5.x-1.14 and 6.x-1.x before 6.x-1.14, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users for requests that cast votes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "fivestar-unspecified-csrf(50245)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50245" + }, + { + "name": "54154", + "refsource": "OSVDB", + "url": "http://osvdb.org/54154" + }, + { + "name": "http://drupal.org/node/449028", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/449028" + }, + { + "name": "34956", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34956" + }, + { + "name": "ADV-2009-1215", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1215" + }, + { + "name": "http://drupal.org/node/449042", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/449042" + }, + { + "name": "http://drupal.org/node/449026", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/449026" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2838.json b/2009/2xxx/CVE-2009-2838.json index 06230260acd..726f06dcb9f 100644 --- a/2009/2xxx/CVE-2009-2838.json +++ b/2009/2xxx/CVE-2009-2838.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2838", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in QuickLook in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Office document that triggers a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2838", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT3937", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3937" - }, - { - "name" : "APPLE-SA-2009-11-09-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html" - }, - { - "name" : "36956", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36956" - }, - { - "name" : "ADV-2009-3184", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3184" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in QuickLook in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Office document that triggers a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36956", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36956" + }, + { + "name": "ADV-2009-3184", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3184" + }, + { + "name": "APPLE-SA-2009-11-09-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html" + }, + { + "name": "http://support.apple.com/kb/HT3937", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3937" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3620.json b/2009/3xxx/CVE-2009-3620.json index 7e98aac5538..b63d1f4d1ba 100644 --- a/2009/3xxx/CVE-2009-3620.json +++ b/2009/3xxx/CVE-2009-3620.json @@ -1,192 +1,192 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3620", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via unspecified ioctl calls." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-3620", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[linux-kernel] 20090921 [git pull] drm tree.", - "refsource" : "MLIST", - "url" : "http://article.gmane.org/gmane.linux.kernel/892259" - }, - { - "name" : "[oss-security] 20091019 CVE request: kernel: r128 IOCTL NULL pointer dereferences when CCE state is uninitialised", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/10/19/1" - }, - { - "name" : "[oss-security] 20091019 Re: CVE request: kernel: r128 IOCTL NULL pointer dereferences when CCE state is uninitialised", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/10/19/3" - }, - { - "name" : "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates", - "refsource" : "MLIST", - "url" : "http://lists.vmware.com/pipermail/security-announce/2010/000082.html" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7dc482dfeeeefcfd000d4271c4626937406756d7", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7dc482dfeeeefcfd000d4271c4626937406756d7" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.31-git11.log", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.31-git11.log" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=529597", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=529597" - }, - { - "name" : "FEDORA-2009-11038", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html" - }, - { - "name" : "MDVSA-2010:088", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:088" - }, - { - "name" : "MDVSA-2010:198", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198" - }, - { - "name" : "RHSA-2009:1540", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1540.html" - }, - { - "name" : "RHSA-2009:1670", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1670.html" - }, - { - "name" : "RHSA-2009:1671", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1671.html" - }, - { - "name" : "RHSA-2010:0882", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0882.html" - }, - { - "name" : "SUSE-SA:2009:061", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html" - }, - { - "name" : "SUSE-SA:2009:064", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html" - }, - { - "name" : "SUSE-SA:2010:012", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html" - }, - { - "name" : "SUSE-SA:2010:013", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html" - }, - { - "name" : "USN-864-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-864-1" - }, - { - "name" : "36824", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36824" - }, - { - "name" : "oval:org.mitre.oval:def:6763", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6763" - }, - { - "name" : "oval:org.mitre.oval:def:9891", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9891" - }, - { - "name" : "36707", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36707" - }, - { - "name" : "37909", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37909" - }, - { - "name" : "38794", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38794" - }, - { - "name" : "38834", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38834" - }, - { - "name" : "ADV-2010-0528", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0528" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via unspecified ioctl calls." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20091019 Re: CVE request: kernel: r128 IOCTL NULL pointer dereferences when CCE state is uninitialised", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/10/19/3" + }, + { + "name": "RHSA-2009:1671", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1671.html" + }, + { + "name": "36824", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36824" + }, + { + "name": "oval:org.mitre.oval:def:9891", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9891" + }, + { + "name": "RHSA-2009:1540", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1540.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=529597", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=529597" + }, + { + "name": "SUSE-SA:2009:061", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html" + }, + { + "name": "USN-864-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-864-1" + }, + { + "name": "38794", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38794" + }, + { + "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates", + "refsource": "MLIST", + "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html" + }, + { + "name": "36707", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36707" + }, + { + "name": "MDVSA-2010:198", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198" + }, + { + "name": "[linux-kernel] 20090921 [git pull] drm tree.", + "refsource": "MLIST", + "url": "http://article.gmane.org/gmane.linux.kernel/892259" + }, + { + "name": "MDVSA-2010:088", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:088" + }, + { + "name": "SUSE-SA:2010:012", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.31-git11.log", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.31-git11.log" + }, + { + "name": "37909", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37909" + }, + { + "name": "oval:org.mitre.oval:def:6763", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6763" + }, + { + "name": "RHSA-2010:0882", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0882.html" + }, + { + "name": "RHSA-2009:1670", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1670.html" + }, + { + "name": "SUSE-SA:2009:064", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html" + }, + { + "name": "[oss-security] 20091019 CVE request: kernel: r128 IOCTL NULL pointer dereferences when CCE state is uninitialised", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/10/19/1" + }, + { + "name": "38834", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38834" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7dc482dfeeeefcfd000d4271c4626937406756d7", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7dc482dfeeeefcfd000d4271c4626937406756d7" + }, + { + "name": "SUSE-SA:2010:013", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html" + }, + { + "name": "FEDORA-2009-11038", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html" + }, + { + "name": "ADV-2010-0528", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0528" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3713.json b/2009/3xxx/CVE-2009-3713.json index 7ba94af28d6..33dc2009996 100644 --- a/2009/3xxx/CVE-2009-3713.json +++ b/2009/3xxx/CVE-2009-3713.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3713", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in fichero.php in MorcegoCMS 1.7.6 and earlier allows remote attackers to execute arbitrary SQL commands via the query string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3713", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9121", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9121" - }, - { - "name" : "55796", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55796" - }, - { - "name" : "35778", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35778" - }, - { - "name" : "morcegocms-fichero-sql-injection(51658)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51658" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in fichero.php in MorcegoCMS 1.7.6 and earlier allows remote attackers to execute arbitrary SQL commands via the query string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "morcegocms-fichero-sql-injection(51658)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51658" + }, + { + "name": "55796", + "refsource": "OSVDB", + "url": "http://osvdb.org/55796" + }, + { + "name": "9121", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9121" + }, + { + "name": "35778", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35778" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3779.json b/2009/3xxx/CVE-2009-3779.json index f7298059a75..bae1a680e95 100644 --- a/2009/3xxx/CVE-2009-3779.json +++ b/2009/3xxx/CVE-2009-3779.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3779", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in vCard 5.x before 5.x-1.4 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the addition of the theme_vcard function to a theme and the use of default content." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3779", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/610416", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/610416" - }, - { - "name" : "http://drupal.org/node/610420", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/610420" - }, - { - "name" : "http://drupal.org/node/610996", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/610996" - }, - { - "name" : "36789", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36789" - }, - { - "name" : "37127", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37127" - }, - { - "name" : "ADV-2009-3002", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3002" - }, - { - "name" : "vcard-themevcard-xss(53903)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53903" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in vCard 5.x before 5.x-1.4 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the addition of the theme_vcard function to a theme and the use of default content." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-3002", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3002" + }, + { + "name": "36789", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36789" + }, + { + "name": "vcard-themevcard-xss(53903)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53903" + }, + { + "name": "37127", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37127" + }, + { + "name": "http://drupal.org/node/610996", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/610996" + }, + { + "name": "http://drupal.org/node/610416", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/610416" + }, + { + "name": "http://drupal.org/node/610420", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/610420" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0334.json b/2015/0xxx/CVE-2015-0334.json index dd00da6d11c..27f0b05ef07 100644 --- a/2015/0xxx/CVE-2015-0334.json +++ b/2015/0xxx/CVE-2015-0334.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0334", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code by leveraging an unspecified \"type confusion,\" a different vulnerability than CVE-2015-0336." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-0334", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-05.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-05.html" - }, - { - "name" : "GLSA-201503-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201503-09" - }, - { - "name" : "RHSA-2015:0697", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0697.html" - }, - { - "name" : "SUSE-SU-2015:0491", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00015.html" - }, - { - "name" : "SUSE-SU-2015:0493", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00016.html" - }, - { - "name" : "openSUSE-SU-2015:0490", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00014.html" - }, - { - "name" : "openSUSE-SU-2015:0496", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00017.html" - }, - { - "name" : "1031922", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031922" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code by leveraging an unspecified \"type confusion,\" a different vulnerability than CVE-2015-0336." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2015:0490", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00014.html" + }, + { + "name": "GLSA-201503-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201503-09" + }, + { + "name": "1031922", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031922" + }, + { + "name": "SUSE-SU-2015:0493", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00016.html" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-05.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-05.html" + }, + { + "name": "openSUSE-SU-2015:0496", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00017.html" + }, + { + "name": "RHSA-2015:0697", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0697.html" + }, + { + "name": "SUSE-SU-2015:0491", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00015.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0668.json b/2015/0xxx/CVE-2015-0668.json index e9766ac29fe..0189042f4dd 100644 --- a/2015/0xxx/CVE-2015-0668.json +++ b/2015/0xxx/CVE-2015-0668.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0668", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the administration portal in Cisco WebEx Meetings Server 2.5 and 2.5.99.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuq66737." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0668", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150319 Cisco WebEx Meetings Server Administrative Portal Cross-Site Scripting Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=37934" - }, - { - "name" : "1031968", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031968" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the administration portal in Cisco WebEx Meetings Server 2.5 and 2.5.99.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuq66737." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031968", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031968" + }, + { + "name": "20150319 Cisco WebEx Meetings Server Administrative Portal Cross-Site Scripting Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37934" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1720.json b/2015/1xxx/CVE-2015-1720.json index af2fe9f8061..a97f720cc04 100644 --- a/2015/1xxx/CVE-2015-1720.json +++ b/2015/1xxx/CVE-2015-1720.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1720", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka \"Microsoft Windows Kernel Use After Free Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-1720", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-061", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-061" - }, - { - "name" : "1032525", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032525" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka \"Microsoft Windows Kernel Use After Free Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032525", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032525" + }, + { + "name": "MS15-061", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-061" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1727.json b/2015/1xxx/CVE-2015-1727.json index 93249963f5d..619bfb676c1 100644 --- a/2015/1xxx/CVE-2015-1727.json +++ b/2015/1xxx/CVE-2015-1727.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1727", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka \"Win32k Pool Buffer Overflow Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-1727", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "38268", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/38268/" - }, - { - "name" : "MS15-061", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-061" - }, - { - "name" : "1032525", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032525" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka \"Win32k Pool Buffer Overflow Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38268", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/38268/" + }, + { + "name": "1032525", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032525" + }, + { + "name": "MS15-061", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-061" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1878.json b/2015/1xxx/CVE-2015-1878.json index 9c67c28b3a8..e55fed9abf5 100644 --- a/2015/1xxx/CVE-2015-1878.json +++ b/2015/1xxx/CVE-2015-1878.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1878", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Thales nShield Connect hardware models 500, 1500, 6000, 500+, 1500+, and 6000+ before 11.72 allows physically proximate attackers to sign arbitrary data with previously loaded signing keys, extract the device identification key [KNETI] and impersonate the nShield Connect device on a network, affect the integrity and confidentiality of newly created keys, and potentially cause other unspecified impacts using previously loaded keys by connecting to the USB port on the front panel." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1878", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1032152", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032152" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Thales nShield Connect hardware models 500, 1500, 6000, 500+, 1500+, and 6000+ before 11.72 allows physically proximate attackers to sign arbitrary data with previously loaded signing keys, extract the device identification key [KNETI] and impersonate the nShield Connect device on a network, affect the integrity and confidentiality of newly created keys, and potentially cause other unspecified impacts using previously loaded keys by connecting to the USB port on the front panel." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032152", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032152" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4508.json b/2015/4xxx/CVE-2015-4508.json index d3f48cfe6ce..5394104b00e 100644 --- a/2015/4xxx/CVE-2015-4508.json +++ b/2015/4xxx/CVE-2015-4508.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4508", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 41.0, when reader mode is enabled, allows remote attackers to spoof the relationship between address-bar URLs and web content via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2015-4508", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-103.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-103.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1195976", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1195976" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "openSUSE-SU-2015:1658", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html" - }, - { - "name" : "USN-2743-4", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2743-4" - }, - { - "name" : "USN-2743-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2743-1" - }, - { - "name" : "USN-2743-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2743-2" - }, - { - "name" : "USN-2743-3", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2743-3" - }, - { - "name" : "76815", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76815" - }, - { - "name" : "1033640", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033640" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 41.0, when reader mode is enabled, allows remote attackers to spoof the relationship between address-bar URLs and web content via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2743-4", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2743-4" + }, + { + "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-103.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-103.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "USN-2743-3", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2743-3" + }, + { + "name": "76815", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76815" + }, + { + "name": "USN-2743-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2743-2" + }, + { + "name": "1033640", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033640" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1195976", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1195976" + }, + { + "name": "openSUSE-SU-2015:1658", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html" + }, + { + "name": "USN-2743-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2743-1" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4842.json b/2015/4xxx/CVE-2015-4842.json index 16491ca1a54..ec4bc4e6285 100644 --- a/2015/4xxx/CVE-2015-4842.json +++ b/2015/4xxx/CVE-2015-4842.json @@ -1,227 +1,227 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4842", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JAXP." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-4842", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" - }, - { - "name" : "DSA-3381", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3381" - }, - { - "name" : "GLSA-201603-11", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-11" - }, - { - "name" : "GLSA-201603-14", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-14" - }, - { - "name" : "RHSA-2016:1430", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1430" - }, - { - "name" : "RHSA-2015:2506", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-2506.html" - }, - { - "name" : "RHSA-2015:2507", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-2507.html" - }, - { - "name" : "RHSA-2015:2508", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-2508.html" - }, - { - "name" : "RHSA-2015:2509", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-2509.html" - }, - { - "name" : "RHSA-2015:1919", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1919.html" - }, - { - "name" : "RHSA-2015:1920", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1920.html" - }, - { - "name" : "RHSA-2015:1921", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1921.html" - }, - { - "name" : "RHSA-2015:1926", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1926.html" - }, - { - "name" : "RHSA-2015:1927", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1927.html" - }, - { - "name" : "RHSA-2015:1928", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1928.html" - }, - { - "name" : "SUSE-SU-2016:0113", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html" - }, - { - "name" : "openSUSE-SU-2016:0270", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html" - }, - { - "name" : "SUSE-SU-2015:2166", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html" - }, - { - "name" : "SUSE-SU-2015:2168", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html" - }, - { - "name" : "SUSE-SU-2015:2182", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html" - }, - { - "name" : "SUSE-SU-2015:2192", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html" - }, - { - "name" : "SUSE-SU-2015:2216", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html" - }, - { - "name" : "SUSE-SU-2015:2268", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00014.html" - }, - { - "name" : "SUSE-SU-2015:1874", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00000.html" - }, - { - "name" : "SUSE-SU-2015:1875", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00001.html" - }, - { - "name" : "openSUSE-SU-2015:1902", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00008.html" - }, - { - "name" : "openSUSE-SU-2015:1905", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00009.html" - }, - { - "name" : "openSUSE-SU-2015:1906", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00010.html" - }, - { - "name" : "openSUSE-SU-2015:1971", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00019.html" - }, - { - "name" : "USN-2827-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2827-1" - }, - { - "name" : "USN-2784-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2784-1" - }, - { - "name" : "77154", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/77154" - }, - { - "name" : "1033884", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033884" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JAXP." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2015:2182", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html" + }, + { + "name": "USN-2784-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2784-1" + }, + { + "name": "openSUSE-SU-2015:1905", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00009.html" + }, + { + "name": "SUSE-SU-2015:2192", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html" + }, + { + "name": "openSUSE-SU-2015:1906", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00010.html" + }, + { + "name": "RHSA-2015:2507", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-2507.html" + }, + { + "name": "RHSA-2015:1928", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1928.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" + }, + { + "name": "RHSA-2016:1430", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1430" + }, + { + "name": "RHSA-2015:2506", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-2506.html" + }, + { + "name": "77154", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/77154" + }, + { + "name": "RHSA-2015:2509", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-2509.html" + }, + { + "name": "1033884", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033884" + }, + { + "name": "SUSE-SU-2015:2166", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" + }, + { + "name": "openSUSE-SU-2016:0270", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html" + }, + { + "name": "RHSA-2015:1919", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1919.html" + }, + { + "name": "GLSA-201603-11", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-11" + }, + { + "name": "openSUSE-SU-2015:1902", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00008.html" + }, + { + "name": "RHSA-2015:1920", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1920.html" + }, + { + "name": "GLSA-201603-14", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-14" + }, + { + "name": "SUSE-SU-2015:2216", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html" + }, + { + "name": "RHSA-2015:1927", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1927.html" + }, + { + "name": "openSUSE-SU-2015:1971", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00019.html" + }, + { + "name": "SUSE-SU-2015:2268", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00014.html" + }, + { + "name": "SUSE-SU-2015:2168", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html" + }, + { + "name": "RHSA-2015:1921", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1921.html" + }, + { + "name": "SUSE-SU-2015:1874", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00000.html" + }, + { + "name": "DSA-3381", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3381" + }, + { + "name": "RHSA-2015:1926", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1926.html" + }, + { + "name": "SUSE-SU-2015:1875", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00001.html" + }, + { + "name": "RHSA-2015:2508", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-2508.html" + }, + { + "name": "SUSE-SU-2016:0113", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html" + }, + { + "name": "USN-2827-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2827-1" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4884.json b/2015/4xxx/CVE-2015-4884.json index 94c189b4228..5a4a6663f36 100644 --- a/2015/4xxx/CVE-2015-4884.json +++ b/2015/4xxx/CVE-2015-4884.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4884", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality via unknown vectors related to Single Signon." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-4884", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" - }, - { - "name" : "1033877", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033877" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality via unknown vectors related to Single Signon." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033877", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033877" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4998.json b/2015/4xxx/CVE-2015-4998.json index e26d48c5a3f..0e3884659a0 100644 --- a/2015/4xxx/CVE-2015-4998.json +++ b/2015/4xxx/CVE-2015-4998.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4998", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-4993." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-4998", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21970176", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21970176" - }, - { - "name" : "PI47712", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI47712" - }, - { - "name" : "1034284", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034284" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-4993." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "PI47712", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI47712" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21970176", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970176" + }, + { + "name": "1034284", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034284" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8112.json b/2015/8xxx/CVE-2015-8112.json index 62b0e0b21d8..6a75ec674c4 100644 --- a/2015/8xxx/CVE-2015-8112.json +++ b/2015/8xxx/CVE-2015-8112.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8112", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8112", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8370.json b/2015/8xxx/CVE-2015-8370.json index 8d35899501c..392b50b9dca 100644 --- a/2015/8xxx/CVE-2015-8370.json +++ b/2015/8xxx/CVE-2015-8370.json @@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8370", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an \"Off-by-two\" or \"Out of bounds overwrite\" memory error." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8370", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20151215 Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/537115/100/0/threaded" - }, - { - "name" : "20151216 Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370]", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Dec/69" - }, - { - "name" : "[oss-security] 20151215 Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370]", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/12/15/6" - }, - { - "name" : "http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html", - "refsource" : "MISC", - "url" : "http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html" - }, - { - "name" : "http://packetstormsecurity.com/files/134831/Grub2-Authentication-Bypass.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/134831/Grub2-Authentication-Bypass.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" - }, - { - "name" : "DSA-3421", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3421" - }, - { - "name" : "FEDORA-2015-cebe5133e7", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173703.html" - }, - { - "name" : "FEDORA-2015-90c27b6e91", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174049.html" - }, - { - "name" : "GLSA-201512-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201512-03" - }, - { - "name" : "RHSA-2015:2623", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-2623.html" - }, - { - "name" : "SUSE-SU-2015:2385", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00039.html" - }, - { - "name" : "SUSE-SU-2015:2386", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00040.html" - }, - { - "name" : "SUSE-SU-2015:2387", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00041.html" - }, - { - "name" : "SUSE-SU-2015:2399", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00044.html" - }, - { - "name" : "openSUSE-SU-2015:2375", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00037.html" - }, - { - "name" : "openSUSE-SU-2015:2392", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00043.html" - }, - { - "name" : "openSUSE-SU-2016:0036", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00003.html" - }, - { - "name" : "USN-2836-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2836-1" - }, - { - "name" : "79358", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/79358" - }, - { - "name" : "1034422", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034422" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an \"Off-by-two\" or \"Out of bounds overwrite\" memory error." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/134831/Grub2-Authentication-Bypass.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/134831/Grub2-Authentication-Bypass.html" + }, + { + "name": "openSUSE-SU-2015:2392", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00043.html" + }, + { + "name": "openSUSE-SU-2016:0036", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00003.html" + }, + { + "name": "http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html", + "refsource": "MISC", + "url": "http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html" + }, + { + "name": "79358", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/79358" + }, + { + "name": "openSUSE-SU-2015:2375", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00037.html" + }, + { + "name": "1034422", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034422" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" + }, + { + "name": "SUSE-SU-2015:2387", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00041.html" + }, + { + "name": "SUSE-SU-2015:2386", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00040.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" + }, + { + "name": "[oss-security] 20151215 Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370]", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/12/15/6" + }, + { + "name": "20151215 Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/537115/100/0/threaded" + }, + { + "name": "SUSE-SU-2015:2385", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00039.html" + }, + { + "name": "20151216 Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370]", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Dec/69" + }, + { + "name": "GLSA-201512-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201512-03" + }, + { + "name": "FEDORA-2015-cebe5133e7", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173703.html" + }, + { + "name": "USN-2836-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2836-1" + }, + { + "name": "FEDORA-2015-90c27b6e91", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174049.html" + }, + { + "name": "RHSA-2015:2623", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-2623.html" + }, + { + "name": "SUSE-SU-2015:2399", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00044.html" + }, + { + "name": "DSA-3421", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3421" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8924.json b/2015/8xxx/CVE-2015-8924.json index b51f0e34924..908f6d2e2d4 100644 --- a/2015/8xxx/CVE-2015-8924.json +++ b/2015/8xxx/CVE-2015-8924.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8924", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8924", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160617 Many invalid memory access issues in libarchive", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/06/17/2" - }, - { - "name" : "[oss-security] 20160617 Re: Many invalid memory access issues in libarchive", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/06/17/5" - }, - { - "name" : "https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html", - "refsource" : "MISC", - "url" : "https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html" - }, - { - "name" : "https://github.com/libarchive/libarchive/issues/515", - "refsource" : "CONFIRM", - "url" : "https://github.com/libarchive/libarchive/issues/515" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" - }, - { - "name" : "DSA-3657", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3657" - }, - { - "name" : "GLSA-201701-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-03" - }, - { - "name" : "RHSA-2016:1844", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1844.html" - }, - { - "name" : "SUSE-SU-2016:1909", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html" - }, - { - "name" : "USN-3033-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3033-1" - }, - { - "name" : "91308", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91308" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3033-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3033-1" + }, + { + "name": "RHSA-2016:1844", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1844.html" + }, + { + "name": "https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html", + "refsource": "MISC", + "url": "https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" + }, + { + "name": "91308", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91308" + }, + { + "name": "SUSE-SU-2016:1909", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html" + }, + { + "name": "[oss-security] 20160617 Many invalid memory access issues in libarchive", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/06/17/2" + }, + { + "name": "GLSA-201701-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-03" + }, + { + "name": "[oss-security] 20160617 Re: Many invalid memory access issues in libarchive", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/06/17/5" + }, + { + "name": "DSA-3657", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3657" + }, + { + "name": "https://github.com/libarchive/libarchive/issues/515", + "refsource": "CONFIRM", + "url": "https://github.com/libarchive/libarchive/issues/515" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5587.json b/2016/5xxx/CVE-2016-5587.json index da3e7ac55c1..10e078d6009 100644 --- a/2016/5xxx/CVE-2016-5587.json +++ b/2016/5xxx/CVE-2016-5587.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5587", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1 through 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-5591 and CVE-2016-5593." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-5587", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" - }, - { - "name" : "93699", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93699" - }, - { - "name" : "1037038", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037038" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1 through 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-5591 and CVE-2016-5593." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" + }, + { + "name": "93699", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93699" + }, + { + "name": "1037038", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037038" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5781.json b/2016/5xxx/CVE-2016-5781.json index 509171cc7fa..6204e8fc217 100644 --- a/2016/5xxx/CVE-2016-5781.json +++ b/2016/5xxx/CVE-2016-5781.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5781", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in WECON LeviStudio allows remote attackers to execute arbitrary code via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2016-5781", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-189-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-189-01" - }, - { - "name" : "91522", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91522" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in WECON LeviStudio allows remote attackers to execute arbitrary code via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "91522", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91522" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-189-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-189-01" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2083.json b/2018/2xxx/CVE-2018-2083.json index ba0bb7d6a43..38147237ae9 100644 --- a/2018/2xxx/CVE-2018-2083.json +++ b/2018/2xxx/CVE-2018-2083.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2083", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2083", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2526.json b/2018/2xxx/CVE-2018-2526.json index 9c882dac14c..503057f390a 100644 --- a/2018/2xxx/CVE-2018-2526.json +++ b/2018/2xxx/CVE-2018-2526.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2526", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-2526", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2561.json b/2018/2xxx/CVE-2018-2561.json index 224c7d4120f..4214cdd218a 100644 --- a/2018/2xxx/CVE-2018-2561.json +++ b/2018/2xxx/CVE-2018-2561.json @@ -1,89 +1,89 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2561", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "HTTP Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "11.1.1.7.0" - }, - { - "version_affected" : "=", - "version_value" : "11.1.1.9.0" - }, - { - "version_affected" : "=", - "version_value" : "12.1.3.0.0" - }, - { - "version_affected" : "=", - "version_value" : "12.2.1.2.0" - }, - { - "version_affected" : "=", - "version_value" : "12.2.1.3.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2561", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HTTP Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.1.1.7.0" + }, + { + "version_affected": "=", + "version_value": "11.1.1.9.0" + }, + { + "version_affected": "=", + "version_value": "12.1.3.0.0" + }, + { + "version_affected": "=", + "version_value": "12.2.1.2.0" + }, + { + "version_affected": "=", + "version_value": "12.2.1.3.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name" : "102565", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102565" - }, - { - "name" : "1040210", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040210" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + }, + { + "name": "102565", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102565" + }, + { + "name": "1040210", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040210" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2653.json b/2018/2xxx/CVE-2018-2653.json index bf6562b95a6..129c703ac96 100644 --- a/2018/2xxx/CVE-2018-2653.json +++ b/2018/2xxx/CVE-2018-2653.json @@ -1,81 +1,81 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2653", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PeopleSoft Enterprise PT PeopleTools", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.54" - }, - { - "version_affected" : "=", - "version_value" : "8.55" - }, - { - "version_affected" : "=", - "version_value" : "8.56" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Connected Query). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2653", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise PT PeopleTools", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.54" + }, + { + "version_affected": "=", + "version_value": "8.55" + }, + { + "version_affected": "=", + "version_value": "8.56" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name" : "102596", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102596" - }, - { - "name" : "1040204", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040204" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Connected Query). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + }, + { + "name": "102596", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102596" + }, + { + "name": "1040204", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040204" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6124.json b/2018/6xxx/CVE-2018-6124.json index e6b107297a4..e50fdafc79d 100644 --- a/2018/6xxx/CVE-2018-6124.json +++ b/2018/6xxx/CVE-2018-6124.json @@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "chrome-cve-admin@google.com", - "ID" : "CVE-2018-6124", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Chrome", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "67.0.3396.62" - } - ] - } - } - ] - }, - "vendor_name" : "Google" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Type confusion in ReadableStreams in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Type Confusion" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2018-6124", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "67.0.3396.62" + } + ] + } + } + ] + }, + "vendor_name": "Google" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://crbug.com/840320", - "refsource" : "MISC", - "url" : "https://crbug.com/840320" - }, - { - "name" : "https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html" - }, - { - "name" : "DSA-4237", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4237" - }, - { - "name" : "RHSA-2018:1815", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1815" - }, - { - "name" : "104309", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104309" - }, - { - "name" : "1041014", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041014" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Type confusion in ReadableStreams in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Type Confusion" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://crbug.com/840320", + "refsource": "MISC", + "url": "https://crbug.com/840320" + }, + { + "name": "104309", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104309" + }, + { + "name": "https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html" + }, + { + "name": "1041014", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041014" + }, + { + "name": "RHSA-2018:1815", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1815" + }, + { + "name": "DSA-4237", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4237" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6390.json b/2018/6xxx/CVE-2018-6390.json index 24c3757cc6a..6bdae5b06e8 100644 --- a/2018/6xxx/CVE-2018-6390.json +++ b/2018/6xxx/CVE-2018-6390.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6390", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The WStr::assign function in kso.dll in Kingsoft WPS Office 10.1.0.7106 and 10.2.0.5978 does not validate the size of the source memory block before an _copy call, which allows remote attackers to cause a denial of service (access violation and application crash) via a crafted (a) web page, (b) office document, or (c) .rtf file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6390", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Khwarezmia/WPS_POC/tree/master/wps_20180129", - "refsource" : "MISC", - "url" : "https://github.com/Khwarezmia/WPS_POC/tree/master/wps_20180129" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WStr::assign function in kso.dll in Kingsoft WPS Office 10.1.0.7106 and 10.2.0.5978 does not validate the size of the source memory block before an _copy call, which allows remote attackers to cause a denial of service (access violation and application crash) via a crafted (a) web page, (b) office document, or (c) .rtf file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Khwarezmia/WPS_POC/tree/master/wps_20180129", + "refsource": "MISC", + "url": "https://github.com/Khwarezmia/WPS_POC/tree/master/wps_20180129" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6516.json b/2018/6xxx/CVE-2018-6516.json index 657719cd48b..38f562f1e1e 100644 --- a/2018/6xxx/CVE-2018-6516.json +++ b/2018/6xxx/CVE-2018-6516.json @@ -1,69 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@puppet.com", - "DATE_PUBLIC" : "2018-06-07T00:00:00", - "ID" : "CVE-2018-6516", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "pe-client-tools", - "version" : { - "version_data" : [ - { - "version_value" : "16.4.x prior to 16.4.6" - }, - { - "version_value" : "17.3.x prior to 17.3.6" - }, - { - "version_value" : "18.1.x prior to 18.1.2" - } - ] - } - } - ] - }, - "vendor_name" : "Puppet" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "On Windows only, with a specifically crafted configuration file an attacker could get Puppet PE client tools (aka pe-client-tools) 16.4.x prior to 16.4.6, 17.3.x prior to 17.3.6, and 18.1.x prior to 18.1.2 to load arbitrary code with privilege escalation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Arbitrary Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "security@puppet.com", + "DATE_PUBLIC": "2018-06-07T00:00:00", + "ID": "CVE-2018-6516", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "pe-client-tools", + "version": { + "version_data": [ + { + "version_value": "16.4.x prior to 16.4.6" + }, + { + "version_value": "17.3.x prior to 17.3.6" + }, + { + "version_value": "18.1.x prior to 18.1.2" + } + ] + } + } + ] + }, + "vendor_name": "Puppet" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://puppet.com/security/cve/CVE-2018-6516", - "refsource" : "CONFIRM", - "url" : "https://puppet.com/security/cve/CVE-2018-6516" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "On Windows only, with a specifically crafted configuration file an attacker could get Puppet PE client tools (aka pe-client-tools) 16.4.x prior to 16.4.6, 17.3.x prior to 17.3.6, and 18.1.x prior to 18.1.2 to load arbitrary code with privilege escalation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Arbitrary Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://puppet.com/security/cve/CVE-2018-6516", + "refsource": "CONFIRM", + "url": "https://puppet.com/security/cve/CVE-2018-6516" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6673.json b/2018/6xxx/CVE-2018-6673.json index 93100c9ff59..ee44b56cf0b 100644 --- a/2018/6xxx/CVE-2018-6673.json +++ b/2018/6xxx/CVE-2018-6673.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6673", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6673", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6817.json b/2018/6xxx/CVE-2018-6817.json index f0292b826c1..115e3199ffe 100644 --- a/2018/6xxx/CVE-2018-6817.json +++ b/2018/6xxx/CVE-2018-6817.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6817", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-6817", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6931.json b/2018/6xxx/CVE-2018-6931.json index 72d13194e4a..7090bd02149 100644 --- a/2018/6xxx/CVE-2018-6931.json +++ b/2018/6xxx/CVE-2018-6931.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6931", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6931", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7438.json b/2018/7xxx/CVE-2018-7438.json index b838cd107c0..e6439046f6a 100644 --- a/2018/7xxx/CVE-2018-7438.json +++ b/2018/7xxx/CVE-2018-7438.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7438", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the parse_unicode_string function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7438", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180301 [SECURITY] [DLA 1297-1] freexl security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/03/msg00000.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1547889", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1547889" - }, - { - "name" : "https://groups.google.com/forum/#!topic/spatialite-users/b-d9iB5TDPE", - "refsource" : "MISC", - "url" : "https://groups.google.com/forum/#!topic/spatialite-users/b-d9iB5TDPE" - }, - { - "name" : "DSA-4129", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4129" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the parse_unicode_string function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20180301 [SECURITY] [DLA 1297-1] freexl security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00000.html" + }, + { + "name": "https://groups.google.com/forum/#!topic/spatialite-users/b-d9iB5TDPE", + "refsource": "MISC", + "url": "https://groups.google.com/forum/#!topic/spatialite-users/b-d9iB5TDPE" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1547889", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1547889" + }, + { + "name": "DSA-4129", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4129" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7471.json b/2018/7xxx/CVE-2018-7471.json index 366e756cae8..bba6bec5b78 100644 --- a/2018/7xxx/CVE-2018-7471.json +++ b/2018/7xxx/CVE-2018-7471.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7471", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "KingView 7.5SP1 has an integer overflow during stgopenstorage API read operations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7471", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cnvd.org.cn/flaw/show/1202823", - "refsource" : "MISC", - "url" : "http://www.cnvd.org.cn/flaw/show/1202823" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "KingView 7.5SP1 has an integer overflow during stgopenstorage API read operations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cnvd.org.cn/flaw/show/1202823", + "refsource": "MISC", + "url": "http://www.cnvd.org.cn/flaw/show/1202823" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7935.json b/2018/7xxx/CVE-2018-7935.json index a8eb0d9aa44..643ba850b3f 100644 --- a/2018/7xxx/CVE-2018-7935.json +++ b/2018/7xxx/CVE-2018-7935.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7935", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7935", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7989.json b/2018/7xxx/CVE-2018-7989.json index 27853f594a4..d2f3739dfe5 100644 --- a/2018/7xxx/CVE-2018-7989.json +++ b/2018/7xxx/CVE-2018-7989.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2018-7989", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Mate 10 pro", - "version" : { - "version_data" : [ - { - "version_value" : "The versions before BLA-AL00B 8.1.0.326(C00)" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Huawei Mate 10 pro smartphones with the versions before BLA-AL00B 8.1.0.326(C00) have an improper authentication vulnerability. App Lock is a function to prevent unauthorized use of apps on smartphones, an attacker could directly change the lock password after a series of operations. Successful exploit could allow the attacker to use the application which is locked." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "improper authentication" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2018-7989", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Mate 10 pro", + "version": { + "version_data": [ + { + "version_value": "The versions before BLA-AL00B 8.1.0.326(C00)" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181010-01-applock-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181010-01-applock-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Huawei Mate 10 pro smartphones with the versions before BLA-AL00B 8.1.0.326(C00) have an improper authentication vulnerability. App Lock is a function to prevent unauthorized use of apps on smartphones, an attacker could directly change the lock password after a series of operations. Successful exploit could allow the attacker to use the application which is locked." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "improper authentication" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181010-01-applock-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181010-01-applock-en" + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1361.json b/2019/1xxx/CVE-2019-1361.json index db6a1bf887c..c666e9b1f4e 100644 --- a/2019/1xxx/CVE-2019-1361.json +++ b/2019/1xxx/CVE-2019-1361.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1361", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1361", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1709.json b/2019/1xxx/CVE-2019-1709.json index 21626dbafea..35f53c6a8ed 100644 --- a/2019/1xxx/CVE-2019-1709.json +++ b/2019/1xxx/CVE-2019-1709.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1709", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1709", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5608.json b/2019/5xxx/CVE-2019-5608.json index b6d186969ce..b46d51aedf8 100644 --- a/2019/5xxx/CVE-2019-5608.json +++ b/2019/5xxx/CVE-2019-5608.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5608", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5608", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5711.json b/2019/5xxx/CVE-2019-5711.json index 84d6dd6d583..213f4b627a1 100644 --- a/2019/5xxx/CVE-2019-5711.json +++ b/2019/5xxx/CVE-2019-5711.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5711", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5711", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5791.json b/2019/5xxx/CVE-2019-5791.json index 5c3728bd024..d2bdb970e60 100644 --- a/2019/5xxx/CVE-2019-5791.json +++ b/2019/5xxx/CVE-2019-5791.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5791", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5791", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5975.json b/2019/5xxx/CVE-2019-5975.json index 9a62699e2d6..06630d66c74 100644 --- a/2019/5xxx/CVE-2019-5975.json +++ b/2019/5xxx/CVE-2019-5975.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5975", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5975", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file