diff --git a/1999/0xxx/CVE-1999-0389.json b/1999/0xxx/CVE-1999-0389.json index 95e4ff84724..f39add72da3 100644 --- a/1999/0xxx/CVE-1999-0389.json +++ b/1999/0xxx/CVE-1999-0389.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0389", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the bootp server in the Debian Linux netstd package." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0389", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "324", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/324" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the bootp server in the Debian Linux netstd package." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "324", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/324" + } + ] + } +} \ No newline at end of file diff --git a/1999/0xxx/CVE-1999-0442.json b/1999/0xxx/CVE-1999-0442.json index 6f54cab877c..6315f827c9f 100644 --- a/1999/0xxx/CVE-1999-0442.json +++ b/1999/0xxx/CVE-1999-0442.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0442", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Solaris ff.core allows local users to modify files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0442", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "327", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/327" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Solaris ff.core allows local users to modify files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "327", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/327" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1147.json b/1999/1xxx/CVE-1999-1147.json index ca54442436f..f646d683595 100644 --- a/1999/1xxx/CVE-1999-1147.json +++ b/1999/1xxx/CVE-1999-1147.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1147", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Platinum Policy Compliance Manager (PCM) 7.0 allows remote attackers to execute arbitrary commands via a long string to the Agent port (1827), which is handled by smaxagent.exe." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1147", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19981204 [SAFER-981204.DOS.1.3] Buffer Overflow in Platinum PCM 7.0", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=91273739726314&w=2" - }, - { - "name" : "pcm-dos-execute(1430)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/1430" - }, - { - "name" : "3164", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3164" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Platinum Policy Compliance Manager (PCM) 7.0 allows remote attackers to execute arbitrary commands via a long string to the Agent port (1827), which is handled by smaxagent.exe." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "pcm-dos-execute(1430)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1430" + }, + { + "name": "19981204 [SAFER-981204.DOS.1.3] Buffer Overflow in Platinum PCM 7.0", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=91273739726314&w=2" + }, + { + "name": "3164", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3164" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2382.json b/2005/2xxx/CVE-2005-2382.json index 89ea2fc9af3..d91c3332b4d 100644 --- a/2005/2xxx/CVE-2005-2382.json +++ b/2005/2xxx/CVE-2005-2382.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2382", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Oray PeanutHull 3.0.1.0 and earlier does not properly drop SYSTEM privileges when launched from the system tray, which allows local users to gain privileges by accessing the Help functionality." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2382", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050720 PeanutHull Local Privilege Escalation Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112190569628213&w=2" - }, - { - "name" : "http://secway.org/advisory/AD20050720EN.txt", - "refsource" : "MISC", - "url" : "http://secway.org/advisory/AD20050720EN.txt" - }, - { - "name" : "14330", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14330" - }, - { - "name" : "16124", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16124" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Oray PeanutHull 3.0.1.0 and earlier does not properly drop SYSTEM privileges when launched from the system tray, which allows local users to gain privileges by accessing the Help functionality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16124", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16124" + }, + { + "name": "14330", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14330" + }, + { + "name": "http://secway.org/advisory/AD20050720EN.txt", + "refsource": "MISC", + "url": "http://secway.org/advisory/AD20050720EN.txt" + }, + { + "name": "20050720 PeanutHull Local Privilege Escalation Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112190569628213&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2565.json b/2005/2xxx/CVE-2005-2565.json index ac88d9a3ea4..db98324a4b7 100644 --- a/2005/2xxx/CVE-2005-2565.json +++ b/2005/2xxx/CVE-2005-2565.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2565", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Gravity Board X (GBX) 1.1 allows remote attackers to obtain sensitive information via (1) a 1 in the perm parameter to deletethread.php or a direct request to (2) ban.php, (3) addnews.php, (4) banned.php, (5) boardstats.php, (6) adminform.php, (7) /forms/admininfo.php, (8) /forms/announcements.php, (9) forms/banform.php, or (10) other pages in the /forms directory, which reveal the path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2565", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050807 Gravity Board X v1.1 multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112351740803443&w=2" - }, - { - "name" : "gravityboardx-multiple-path-disclosure(21746)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21746" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Gravity Board X (GBX) 1.1 allows remote attackers to obtain sensitive information via (1) a 1 in the perm parameter to deletethread.php or a direct request to (2) ban.php, (3) addnews.php, (4) banned.php, (5) boardstats.php, (6) adminform.php, (7) /forms/admininfo.php, (8) /forms/announcements.php, (9) forms/banform.php, or (10) other pages in the /forms directory, which reveal the path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "gravityboardx-multiple-path-disclosure(21746)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21746" + }, + { + "name": "20050807 Gravity Board X v1.1 multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112351740803443&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3514.json b/2005/3xxx/CVE-2005-3514.json index 90181832d30..f667f6fd567 100644 --- a/2005/3xxx/CVE-2005-3514.json +++ b/2005/3xxx/CVE-2005-3514.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3514", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Forum script allow remote attackers to inject arbitrary web script or HTML via the forumID parameter to (1) newtopic.php, (2) quote.php, (3) index.php, and (4) reply.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3514", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051020 XSS & Path Disclosure in Chipmunk's products", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112982490104274&w=2" - }, - { - "name" : "http://irannetjob.com/content/view/148/28/", - "refsource" : "MISC", - "url" : "http://irannetjob.com/content/view/148/28/" - }, - { - "name" : "15149", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15149/" - }, - { - "name" : "20164", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20164" - }, - { - "name" : "20165", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20165" - }, - { - "name" : "20166", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20166" - }, - { - "name" : "20167", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20167" - }, - { - "name" : "17239", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17239/" - }, - { - "name" : "96", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/96" - }, - { - "name" : "chipmunk-multiple-scripts-xss(22823)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22823" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Forum script allow remote attackers to inject arbitrary web script or HTML via the forumID parameter to (1) newtopic.php, (2) quote.php, (3) index.php, and (4) reply.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15149", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15149/" + }, + { + "name": "20051020 XSS & Path Disclosure in Chipmunk's products", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112982490104274&w=2" + }, + { + "name": "17239", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17239/" + }, + { + "name": "96", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/96" + }, + { + "name": "20165", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20165" + }, + { + "name": "http://irannetjob.com/content/view/148/28/", + "refsource": "MISC", + "url": "http://irannetjob.com/content/view/148/28/" + }, + { + "name": "20167", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20167" + }, + { + "name": "20166", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20166" + }, + { + "name": "20164", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20164" + }, + { + "name": "chipmunk-multiple-scripts-xss(22823)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22823" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3532.json b/2005/3xxx/CVE-2005-3532.json index 042584eba1f..e8de75ec71b 100644 --- a/2005/3xxx/CVE-2005-3532.json +++ b/2005/3xxx/CVE-2005-3532.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3532", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "authpam.c in courier-authdaemon for Courier Mail Server 0.37.3 through 0.52.1, when using pam_tally, does not call the pam_acct_mgmt function to verify that access should be granted, which allows attackers to authenticate to the server using accounts that have been disabled." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2005-3532", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-917", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-917" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=211920", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=211920" - }, - { - "name" : "USN-226-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/226-1/" - }, - { - "name" : "15771", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15771/" - }, - { - "name" : "17919", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17919" - }, - { - "name" : "17999", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17999" - }, - { - "name" : "courier-authdaemon-unauth-access(23532)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23532" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "authpam.c in courier-authdaemon for Courier Mail Server 0.37.3 through 0.52.1, when using pam_tally, does not call the pam_acct_mgmt function to verify that access should be granted, which allows attackers to authenticate to the server using accounts that have been disabled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-917", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-917" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=211920", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=211920" + }, + { + "name": "17919", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17919" + }, + { + "name": "courier-authdaemon-unauth-access(23532)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23532" + }, + { + "name": "15771", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15771/" + }, + { + "name": "17999", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17999" + }, + { + "name": "USN-226-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/226-1/" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5195.json b/2007/5xxx/CVE-2007-5195.json index 756735d302a..8622f5d1795 100644 --- a/2007/5xxx/CVE-2007-5195.json +++ b/2007/5xxx/CVE-2007-5195.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5195", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the SSL implementation in Groupwise client system in the novell-groupwise-client package in SUSE Linux Enterprise Desktop 10 allows remote attackers to obtain credentials via a man-in-the-middle attack, a different vulnerability than CVE-2007-5196." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5195", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "SUSE-SR:2007:020", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_20_sr.html" - }, - { - "name" : "45492", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/45492" - }, - { - "name" : "27229", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27229" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the SSL implementation in Groupwise client system in the novell-groupwise-client package in SUSE Linux Enterprise Desktop 10 allows remote attackers to obtain credentials via a man-in-the-middle attack, a different vulnerability than CVE-2007-5196." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45492", + "refsource": "OSVDB", + "url": "http://osvdb.org/45492" + }, + { + "name": "27229", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27229" + }, + { + "name": "SUSE-SR:2007:020", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_20_sr.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5675.json b/2007/5xxx/CVE-2007-5675.json index 4e58b3ec3f6..5699bd7a6c7 100644 --- a/2007/5xxx/CVE-2007-5675.json +++ b/2007/5xxx/CVE-2007-5675.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5675", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the DebugPrint function in MultiXTpm Application Server before 4.0.2d allows remote attackers to execute arbitrary code via a long string argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5675", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=548209&group_id=196021", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=548209&group_id=196021" - }, - { - "name" : "26173", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26173" - }, - { - "name" : "40386", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/40386" - }, - { - "name" : "27323", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27323" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the DebugPrint function in MultiXTpm Application Server before 4.0.2d allows remote attackers to execute arbitrary code via a long string argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=548209&group_id=196021", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=548209&group_id=196021" + }, + { + "name": "27323", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27323" + }, + { + "name": "40386", + "refsource": "OSVDB", + "url": "http://osvdb.org/40386" + }, + { + "name": "26173", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26173" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2685.json b/2009/2xxx/CVE-2009-2685.json index b1437cc7baa..5731bdc26e1 100644 --- a/2009/2xxx/CVE-2009-2685.json +++ b/2009/2xxx/CVE-2009-2685.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2685", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the login form in the management web server in HP Power Manager allows remote attackers to execute arbitrary code via the Login variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2685", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091105 ZDI-09-081: Hewlett-Packard Power Manager Administration Web Server Stack Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507708/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-09-081/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-09-081/" - }, - { - "name" : "HPSBMA02474", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=125744000032141&w=2" - }, - { - "name" : "SSRT090107", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=125744000032141&w=2" - }, - { - "name" : "36933", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36933" - }, - { - "name" : "59684", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/59684" - }, - { - "name" : "1023140", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023140" - }, - { - "name" : "37276", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37276" - }, - { - "name" : "ADV-2009-3154", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3154" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the login form in the management web server in HP Power Manager allows remote attackers to execute arbitrary code via the Login variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "59684", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/59684" + }, + { + "name": "36933", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36933" + }, + { + "name": "ADV-2009-3154", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3154" + }, + { + "name": "HPSBMA02474", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=125744000032141&w=2" + }, + { + "name": "20091105 ZDI-09-081: Hewlett-Packard Power Manager Administration Web Server Stack Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507708/100/0/threaded" + }, + { + "name": "37276", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37276" + }, + { + "name": "SSRT090107", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=125744000032141&w=2" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-09-081/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-081/" + }, + { + "name": "1023140", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023140" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3001.json b/2009/3xxx/CVE-2009-3001.json index 98232cdfdb3..8f338c0786b 100644 --- a/2009/3xxx/CVE-2009-3001.json +++ b/2009/3xxx/CVE-2009-3001.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3001", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel 2.6.31-rc7 and earlier does not initialize a certain data structure, which allows local users to read the contents of some kernel memory locations by calling getsockname on an AF_LLC socket." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3001", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9513", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9513" - }, - { - "name" : "[oss-security] 20090826 CVE request: kernel: AF_LLC getsockname 5-Byte Stack Disclosure", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/08/26/1" - }, - { - "name" : "http://jon.oberheide.org/files/llc-getsockname-leak.c", - "refsource" : "MISC", - "url" : "http://jon.oberheide.org/files/llc-getsockname-leak.c" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=28e9fc592cb8c7a43e4d3147b38be6032a0e81bc", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=28e9fc592cb8c7a43e4d3147b38be6032a0e81bc" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=519305", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=519305" - }, - { - "name" : "USN-852-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-852-1" - }, - { - "name" : "36126", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36126" - }, - { - "name" : "37105", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37105" - }, - { - "name" : "linux-kernel-afllcgetsockname-info-disc(52732)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52732" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel 2.6.31-rc7 and earlier does not initialize a certain data structure, which allows local users to read the contents of some kernel memory locations by calling getsockname on an AF_LLC socket." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=28e9fc592cb8c7a43e4d3147b38be6032a0e81bc", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=28e9fc592cb8c7a43e4d3147b38be6032a0e81bc" + }, + { + "name": "[oss-security] 20090826 CVE request: kernel: AF_LLC getsockname 5-Byte Stack Disclosure", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/08/26/1" + }, + { + "name": "USN-852-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-852-1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=519305", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=519305" + }, + { + "name": "http://jon.oberheide.org/files/llc-getsockname-leak.c", + "refsource": "MISC", + "url": "http://jon.oberheide.org/files/llc-getsockname-leak.c" + }, + { + "name": "9513", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9513" + }, + { + "name": "linux-kernel-afllcgetsockname-info-disc(52732)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52732" + }, + { + "name": "36126", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36126" + }, + { + "name": "37105", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37105" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0135.json b/2015/0xxx/CVE-2015-0135.json index 961e4e4cc5a..3cc09339948 100644 --- a/2015/0xxx/CVE-2015-0135.json +++ b/2015/0xxx/CVE-2015-0135.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0135", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Domino 8.5 before 8.5.3 FP6 IF4 and 9.0 before 9.0.1 FP3 IF2 allows remote attackers to execute arbitrary code or cause a denial of service (integer truncation and application crash) via a crafted GIF image, aka SPR KLYH9T7NT9." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-0135", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21701647", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21701647" - }, - { - "name" : "1032151", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032151" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Domino 8.5 before 8.5.3 FP6 IF4 and 9.0 before 9.0.1 FP3 IF2 allows remote attackers to execute arbitrary code or cause a denial of service (integer truncation and application crash) via a crafted GIF image, aka SPR KLYH9T7NT9." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21701647", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701647" + }, + { + "name": "1032151", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032151" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0529.json b/2015/0xxx/CVE-2015-0529.json index 99a0bd834a2..de537cdc047 100644 --- a/2015/0xxx/CVE-2015-0529.json +++ b/2015/0xxx/CVE-2015-0529.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0529", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EMC PowerPath Virtual Appliance (aka vApp) before 2.0 has default passwords for the (1) emcupdate and (2) svcuser accounts, which makes it easier for remote attackers to obtain potentially sensitive information via a login session." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2015-0529", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150401 ESA-2015-056: EMC PowerPath Virtual Appliance Undocumented User Accounts Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2015/Apr/1" - }, - { - "name" : "http://packetstormsecurity.com/files/131250/EMC-PowerPath-Virtual-Appliance-Undocumented-User-Accounts.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/131250/EMC-PowerPath-Virtual-Appliance-Undocumented-User-Accounts.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EMC PowerPath Virtual Appliance (aka vApp) before 2.0 has default passwords for the (1) emcupdate and (2) svcuser accounts, which makes it easier for remote attackers to obtain potentially sensitive information via a login session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/131250/EMC-PowerPath-Virtual-Appliance-Undocumented-User-Accounts.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/131250/EMC-PowerPath-Virtual-Appliance-Undocumented-User-Accounts.html" + }, + { + "name": "20150401 ESA-2015-056: EMC PowerPath Virtual Appliance Undocumented User Accounts Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2015/Apr/1" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0675.json b/2015/0xxx/CVE-2015-0675.json index 6f70465dd6d..d5b7fd25671 100644 --- a/2015/0xxx/CVE-2015-0675.json +++ b/2015/0xxx/CVE-2015-0675.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0675", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The failover ipsec implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1 before 9.1(6), 9.2 before 9.2(3.3), and 9.3 before 9.3(3) does not properly validate failover communication messages, which allows remote attackers to reconfigure an ASA device, and consequently obtain administrative control, by sending crafted UDP packets over the local network to the failover interface, aka Bug ID CSCur21069." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0675", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150408 Multiple Vulnerabilities in Cisco ASA Software", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-asa" - }, - { - "name" : "1032045", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032045" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The failover ipsec implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1 before 9.1(6), 9.2 before 9.2(3.3), and 9.3 before 9.3(3) does not properly validate failover communication messages, which allows remote attackers to reconfigure an ASA device, and consequently obtain administrative control, by sending crafted UDP packets over the local network to the failover interface, aka Bug ID CSCur21069." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032045", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032045" + }, + { + "name": "20150408 Multiple Vulnerabilities in Cisco ASA Software", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-asa" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0917.json b/2015/0xxx/CVE-2015-0917.json index d4935620230..9fa22063ffe 100644 --- a/2015/0xxx/CVE-2015-0917.json +++ b/2015/0xxx/CVE-2015-0917.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0917", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the backend in Kajona before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via the action parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-0917", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150106 Reflecting XSS vulnerability in CMS Kajona v. 4.6", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Jan/11" - }, - { - "name" : "http://packetstormsecurity.com/files/129826/Kajona-CMS-4.6-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129826/Kajona-CMS-4.6-Cross-Site-Scripting.html" - }, - { - "name" : "http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2015-01.html", - "refsource" : "MISC", - "url" : "http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2015-01.html" - }, - { - "name" : "https://github.com/kajona/kajonacms/commit/563d39c327606232e480602f7b36ea6cb31bc6f7", - "refsource" : "CONFIRM", - "url" : "https://github.com/kajona/kajonacms/commit/563d39c327606232e480602f7b36ea6cb31bc6f7" - }, - { - "name" : "https://www.kajona.de/de/News/newsdetails.Security-update-to-module-system.newsDetail.22ac42054aa88a07826c.html", - "refsource" : "CONFIRM", - "url" : "https://www.kajona.de/de/News/newsdetails.Security-update-to-module-system.newsDetail.22ac42054aa88a07826c.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the backend in Kajona before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via the action parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/129826/Kajona-CMS-4.6-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129826/Kajona-CMS-4.6-Cross-Site-Scripting.html" + }, + { + "name": "20150106 Reflecting XSS vulnerability in CMS Kajona v. 4.6", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Jan/11" + }, + { + "name": "https://www.kajona.de/de/News/newsdetails.Security-update-to-module-system.newsDetail.22ac42054aa88a07826c.html", + "refsource": "CONFIRM", + "url": "https://www.kajona.de/de/News/newsdetails.Security-update-to-module-system.newsDetail.22ac42054aa88a07826c.html" + }, + { + "name": "http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2015-01.html", + "refsource": "MISC", + "url": "http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2015-01.html" + }, + { + "name": "https://github.com/kajona/kajonacms/commit/563d39c327606232e480602f7b36ea6cb31bc6f7", + "refsource": "CONFIRM", + "url": "https://github.com/kajona/kajonacms/commit/563d39c327606232e480602f7b36ea6cb31bc6f7" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3061.json b/2015/3xxx/CVE-2015-3061.json index a060715a2df..852e78c0f0a 100644 --- a/2015/3xxx/CVE-2015-3061.json +++ b/2015/3xxx/CVE-2015-3061.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3061", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073, and CVE-2015-3074." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-3061", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-206", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-206" - }, - { - "name" : "https://helpx.adobe.com/security/products/reader/apsb15-10.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/reader/apsb15-10.html" - }, - { - "name" : "74604", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74604" - }, - { - "name" : "1032284", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032284" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073, and CVE-2015-3074." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "74604", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74604" + }, + { + "name": "https://helpx.adobe.com/security/products/reader/apsb15-10.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/reader/apsb15-10.html" + }, + { + "name": "1032284", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032284" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-206", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-206" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4763.json b/2015/4xxx/CVE-2015-4763.json index f9c7b1c4ec2..dd2f7ae962a 100644 --- a/2015/4xxx/CVE-2015-4763.json +++ b/2015/4xxx/CVE-2015-4763.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4763", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Security." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-4763", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" - }, - { - "name" : "1032915", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032915" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Security." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" + }, + { + "name": "1032915", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032915" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4823.json b/2015/4xxx/CVE-2015-4823.json index 90d7ef46623..945b4e1abe4 100644 --- a/2015/4xxx/CVE-2015-4823.json +++ b/2015/4xxx/CVE-2015-4823.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4823", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Hyperion Installation Technology component in Oracle Hyperion 11.1.2.3 allows local users to affect confidentiality via unknown vectors related to Essbase Rapid Deploy." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-4823", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" - }, - { - "name" : "77139", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/77139" - }, - { - "name" : "1033876", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033876" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Hyperion Installation Technology component in Oracle Hyperion 11.1.2.3 allows local users to affect confidentiality via unknown vectors related to Essbase Rapid Deploy." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033876", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033876" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" + }, + { + "name": "77139", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/77139" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4938.json b/2015/4xxx/CVE-2015-4938.json index 527274c10ac..601e28a6cd6 100644 --- a/2015/4xxx/CVE-2015-4938.json +++ b/2015/4xxx/CVE-2015-4938.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4938", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before 8.0.0.11, and 8.5.x before 8.5.5.7 allows remote attackers to spoof servlets and obtain sensitive information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-4938", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21963275", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21963275" - }, - { - "name" : "PI37396", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI37396" - }, - { - "name" : "76463", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76463" - }, - { - "name" : "1033324", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033324" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before 8.0.0.11, and 8.5.x before 8.5.5.7 allows remote attackers to spoof servlets and obtain sensitive information via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21963275", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963275" + }, + { + "name": "76463", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76463" + }, + { + "name": "1033324", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033324" + }, + { + "name": "PI37396", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI37396" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8008.json b/2015/8xxx/CVE-2015-8008.json index 3d78b27d924..e1af201de98 100644 --- a/2015/8xxx/CVE-2015-8008.json +++ b/2015/8xxx/CVE-2015-8008.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8008", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8008", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[MediaWiki-announce] 20151016 Extension Security Release: OAuth, Echo, PageTriage", - "refsource" : "MLIST", - "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000182.html" - }, - { - "name" : "[oss-security] 20151029 Re: CVE Request: MediaWiki 1.25.3, 1.24.4 and 1.23.11", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/10/29/14" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1273353", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1273353" - }, - { - "name" : "https://phabricator.wikimedia.org/T103022", - "refsource" : "CONFIRM", - "url" : "https://phabricator.wikimedia.org/T103022" - }, - { - "name" : "FEDORA-2015-24fe8b66c9", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171007.html" - }, - { - "name" : "FEDORA-2015-97fe05f788", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170961.html" - }, - { - "name" : "FEDORA-2015-ec6d598d3d", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170979.html" - }, - { - "name" : "77379", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/77379" - }, - { - "name" : "1034028", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034028" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "77379", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/77379" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1273353", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1273353" + }, + { + "name": "FEDORA-2015-ec6d598d3d", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170979.html" + }, + { + "name": "FEDORA-2015-97fe05f788", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170961.html" + }, + { + "name": "1034028", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034028" + }, + { + "name": "https://phabricator.wikimedia.org/T103022", + "refsource": "CONFIRM", + "url": "https://phabricator.wikimedia.org/T103022" + }, + { + "name": "[MediaWiki-announce] 20151016 Extension Security Release: OAuth, Echo, PageTriage", + "refsource": "MLIST", + "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000182.html" + }, + { + "name": "FEDORA-2015-24fe8b66c9", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171007.html" + }, + { + "name": "[oss-security] 20151029 Re: CVE Request: MediaWiki 1.25.3, 1.24.4 and 1.23.11", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/10/29/14" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8357.json b/2015/8xxx/CVE-2015-8357.json index c923fc7d1c9..a95e1e17e15 100644 --- a/2015/8xxx/CVE-2015-8357.json +++ b/2015/8xxx/CVE-2015-8357.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8357", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the bitrix.xscan module before 1.0.4 for Bitrix allows remote authenticated users to rename arbitrary files, and consequently obtain sensitive information or cause a denial of service, via a .. (dot dot) in the file parameter to admin/bitrix.xscan_worker.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8357", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20151209 Path Traversal via CSRF in bitrix.xscan Bitrix Module", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/537072/100/0/threaded" - }, - { - "name" : "38976", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/38976/" - }, - { - "name" : "http://packetstormsecurity.com/files/134765/bitrix.scan-Bitrix-1.0.3-Path-Traversal.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/134765/bitrix.scan-Bitrix-1.0.3-Path-Traversal.html" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23278", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23278" - }, - { - "name" : "https://marketplace.1c-bitrix.ru/solutions/bitrix.xscan/#tab-log-link", - "refsource" : "CONFIRM", - "url" : "https://marketplace.1c-bitrix.ru/solutions/bitrix.xscan/#tab-log-link" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the bitrix.xscan module before 1.0.4 for Bitrix allows remote authenticated users to rename arbitrary files, and consequently obtain sensitive information or cause a denial of service, via a .. (dot dot) in the file parameter to admin/bitrix.xscan_worker.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20151209 Path Traversal via CSRF in bitrix.xscan Bitrix Module", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/537072/100/0/threaded" + }, + { + "name": "38976", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/38976/" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23278", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23278" + }, + { + "name": "https://marketplace.1c-bitrix.ru/solutions/bitrix.xscan/#tab-log-link", + "refsource": "CONFIRM", + "url": "https://marketplace.1c-bitrix.ru/solutions/bitrix.xscan/#tab-log-link" + }, + { + "name": "http://packetstormsecurity.com/files/134765/bitrix.scan-Bitrix-1.0.3-Path-Traversal.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/134765/bitrix.scan-Bitrix-1.0.3-Path-Traversal.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8471.json b/2015/8xxx/CVE-2015-8471.json index 96e242161ac..8ba99a99315 100644 --- a/2015/8xxx/CVE-2015-8471.json +++ b/2015/8xxx/CVE-2015-8471.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8471", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8471", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8521.json b/2015/8xxx/CVE-2015-8521.json index 6b87c3d62cf..8a78b38a12c 100644 --- a/2015/8xxx/CVE-2015-8521.json +++ b/2015/8xxx/CVE-2015-8521.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2015-8521", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability than CVE-2015-8519, CVE-2015-8520, and CVE-2015-8522." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-8521", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21975536", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21975536" - }, - { - "name" : "84167", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/84167" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability than CVE-2015-8519, CVE-2015-8520, and CVE-2015-8522." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "84167", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/84167" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21975536", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975536" + } + ] + } +} \ No newline at end of file diff --git a/2015/9xxx/CVE-2015-9008.json b/2015/9xxx/CVE-2015-9008.json index 3a3349825f2..42a84584c34 100644 --- a/2015/9xxx/CVE-2015-9008.json +++ b/2015/9xxx/CVE-2015-9008.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-06-05T00:00:00", - "ID" : "CVE-2015-9008", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384689." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-06-05T00:00:00", + "ID": "CVE-2015-9008", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-06-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-06-01" - }, - { - "name" : "98874", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98874" - }, - { - "name" : "1038623", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038623" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384689." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-06-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-06-01" + }, + { + "name": "98874", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98874" + }, + { + "name": "1038623", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038623" + } + ] + } +} \ No newline at end of file diff --git a/2015/9xxx/CVE-2015-9190.json b/2015/9xxx/CVE-2015-9190.json index 70a0788bde7..8368910821c 100644 --- a/2015/9xxx/CVE-2015-9190.json +++ b/2015/9xxx/CVE-2015-9190.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2015-9190", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "IPQ4019, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 600, SD 615/16/SD 415, SD 808, SD 810" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 600, SD 615/16/SD 415, SD 808, and SD 810, if start_addr + size is too large in boot_clobber_check_local_address_range(), an integer overflow occurs, resulting in clobber protection check being bypassed and SBL memory corruption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Integer Overflow or Wraparound in Boot." - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2015-9190", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "IPQ4019, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 600, SD 615/16/SD 415, SD 808, SD 810" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 600, SD 615/16/SD 415, SD 808, and SD 810, if start_addr + size is too large in boot_clobber_check_local_address_range(), an integer overflow occurs, resulting in clobber protection check being bypassed and SBL memory corruption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Integer Overflow or Wraparound in Boot." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5102.json b/2016/5xxx/CVE-2016-5102.json index 0c5d4ec6066..08c6a248770 100644 --- a/2016/5xxx/CVE-2016-5102.json +++ b/2016/5xxx/CVE-2016-5102.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5102", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the readgifimage function in gif2tiff.c in the gif2tiff tool in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (segmentation fault) via a crafted gif file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-5102", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2552", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2552" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343407", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343407" - }, - { - "name" : "GLSA-201701-16", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-16" - }, - { - "name" : "USN-3606-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3606-1/" - }, - { - "name" : "96049", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96049" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the readgifimage function in gif2tiff.c in the gif2tiff tool in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (segmentation fault) via a crafted gif file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96049", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96049" + }, + { + "name": "USN-3606-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3606-1/" + }, + { + "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2552", + "refsource": "CONFIRM", + "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2552" + }, + { + "name": "GLSA-201701-16", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-16" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343407", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343407" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5630.json b/2016/5xxx/CVE-2016-5630.json index fc347c76b50..04c66b544b3 100644 --- a/2016/5xxx/CVE-2016-5630.json +++ b/2016/5xxx/CVE-2016-5630.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5630", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-5630", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" - }, - { - "name" : "GLSA-201701-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-01" - }, - { - "name" : "RHSA-2016:1601", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1601.html" - }, - { - "name" : "RHSA-2016:2927", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2927.html" - }, - { - "name" : "93674", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93674" - }, - { - "name" : "1037050", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037050" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93674", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93674" + }, + { + "name": "GLSA-201701-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-01" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" + }, + { + "name": "RHSA-2016:1601", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1601.html" + }, + { + "name": "RHSA-2016:2927", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2927.html" + }, + { + "name": "1037050", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037050" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5669.json b/2016/5xxx/CVE-2016-5669.json index 343cac05dd0..07cc33db285 100644 --- a/2016/5xxx/CVE-2016-5669.json +++ b/2016/5xxx/CVE-2016-5669.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2016-5669", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 use a hardcoded 0xb9eed4d955a59eb3 X.509 certificate from an OpenSSL Test Certification Authority, which makes it easier for remote attackers to conduct man-in-the-middle attacks against HTTPS sessions by leveraging the certificate's trust relationship." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-5669", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#974424", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/974424" - }, - { - "name" : "92211", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92211" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 use a hardcoded 0xb9eed4d955a59eb3 X.509 certificate from an OpenSSL Test Certification Authority, which makes it easier for remote attackers to conduct man-in-the-middle attacks against HTTPS sessions by leveraging the certificate's trust relationship." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "92211", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92211" + }, + { + "name": "VU#974424", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/974424" + } + ] + } +} \ No newline at end of file diff --git a/2018/1999xxx/CVE-2018-1999004.json b/2018/1999xxx/CVE-2018-1999004.json index 5cffa5905a6..bc339d3ad3c 100644 --- a/2018/1999xxx/CVE-2018-1999004.json +++ b/2018/1999xxx/CVE-2018-1999004.json @@ -1,65 +1,65 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-07-18T10:18:03.885319", - "DATE_REQUESTED" : "2018-07-18T00:00:00", - "ID" : "CVE-2018-1999004", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins", - "version" : { - "version_data" : [ - { - "version_value" : "2.132 and earlier, 2.121.1 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Improper authorization vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in SlaveComputer.java that allows attackers with Overall/Read permission to initiate agent launches, and abort in-progress agent launches." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-285" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-07-18T10:18:03.885319", + "DATE_REQUESTED": "2018-07-18T00:00:00", + "ID": "CVE-2018-1999004", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2018-07-18/#SECURITY-892", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2018-07-18/#SECURITY-892" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Improper authorization vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in SlaveComputer.java that allows attackers with Overall/Read permission to initiate agent launches, and abort in-progress agent launches." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2018-07-18/#SECURITY-892", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2018-07-18/#SECURITY-892" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2196.json b/2018/2xxx/CVE-2018-2196.json index 0d225decf54..3c7703aeaf0 100644 --- a/2018/2xxx/CVE-2018-2196.json +++ b/2018/2xxx/CVE-2018-2196.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2196", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2196", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2449.json b/2018/2xxx/CVE-2018-2449.json index 41ee5448cbf..553d108827d 100644 --- a/2018/2xxx/CVE-2018-2449.json +++ b/2018/2xxx/CVE-2018-2449.json @@ -1,84 +1,84 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cna@sap.com", - "ID" : "CVE-2018-2449", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SAP Supplier Relationship Management Master Data Management Catalog", - "version" : { - "version_data" : [ - { - "version_name" : "", - "version_value" : "3.73" - }, - { - "version_name" : "", - "version_value" : "7.31" - }, - { - "version_name" : "", - "version_value" : "7.32" - } - ] - } - } - ] - }, - "vendor_name" : "SAP" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SAP SRM MDM Catalog versions 3.73, 7.31, 7.32 in (SAP NetWeaver 7.3) - import functionality does not perform authentication checks for valid repository user. This is an unauthenticated functionality that you can use on windows machines to do SMB relaying." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Missing Authentication" - } + "CVE_data_meta": { + "ASSIGNER": "cna@sap.com", + "ID": "CVE-2018-2449", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SAP Supplier Relationship Management Master Data Management Catalog", + "version": { + "version_data": [ + { + "version_name": "", + "version_value": "3.73" + }, + { + "version_name": "", + "version_value": "7.31" + }, + { + "version_name": "", + "version_value": "7.32" + } + ] + } + } + ] + }, + "vendor_name": "SAP" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://launchpad.support.sap.com/#/notes/2655250", - "refsource" : "MISC", - "url" : "https://launchpad.support.sap.com/#/notes/2655250" - }, - { - "name" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742", - "refsource" : "CONFIRM", - "url" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742" - }, - { - "name" : "105079", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105079" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SAP SRM MDM Catalog versions 3.73, 7.31, 7.32 in (SAP NetWeaver 7.3) - import functionality does not perform authentication checks for valid repository user. This is an unauthenticated functionality that you can use on windows machines to do SMB relaying." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing Authentication" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105079", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105079" + }, + { + "name": "https://launchpad.support.sap.com/#/notes/2655250", + "refsource": "MISC", + "url": "https://launchpad.support.sap.com/#/notes/2655250" + }, + { + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742", + "refsource": "CONFIRM", + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2539.json b/2018/2xxx/CVE-2018-2539.json index a7e6f03eb2f..4835f0f7762 100644 --- a/2018/2xxx/CVE-2018-2539.json +++ b/2018/2xxx/CVE-2018-2539.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2539", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-2539", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2632.json b/2018/2xxx/CVE-2018-2632.json index 8ab3f739246..72d4bc89995 100644 --- a/2018/2xxx/CVE-2018-2632.json +++ b/2018/2xxx/CVE-2018-2632.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2632", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Siebel Engineering - Installer and Deployment", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "16.0" - }, - { - "version_affected" : "=", - "version_value" : "17.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Siebel Engineering - Installer and Deployment component of Oracle Siebel CRM (subcomponent: Siebel Approval Manager). Supported versions that are affected are 16.0 and 17.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel Engineering - Installer and Deployment. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel Engineering - Installer and Deployment accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel Engineering - Installer and Deployment. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel Engineering - Installer and Deployment accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2632", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Siebel Engineering - Installer and Deployment", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "16.0" + }, + { + "version_affected": "=", + "version_value": "17.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name" : "102631", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102631" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Siebel Engineering - Installer and Deployment component of Oracle Siebel CRM (subcomponent: Siebel Approval Manager). Supported versions that are affected are 16.0 and 17.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel Engineering - Installer and Deployment. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel Engineering - Installer and Deployment accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel Engineering - Installer and Deployment. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel Engineering - Installer and Deployment accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + }, + { + "name": "102631", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102631" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6228.json b/2018/6xxx/CVE-2018-6228.json index 64c816ea580..4c08565ab5c 100644 --- a/2018/6xxx/CVE-2018-6228.json +++ b/2018/6xxx/CVE-2018-6228.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@trendmicro.com", - "ID" : "CVE-2018-6228", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Trend Micro Email Encryption Gateway", - "version" : { - "version_data" : [ - { - "version_value" : "5.5" - } - ] - } - } - ] - }, - "vendor_name" : "Trend Micro" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A SQL injection vulnerability in a Trend Micro Email Encryption Gateway 5.5 policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "SQL Injection" - } + "CVE_data_meta": { + "ASSIGNER": "security@trendmicro.com", + "ID": "CVE-2018-6228", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Trend Micro Email Encryption Gateway", + "version": { + "version_data": [ + { + "version_value": "5.5" + } + ] + } + } + ] + }, + "vendor_name": "Trend Micro" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44166", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44166/" - }, - { - "name" : "https://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities", - "refsource" : "MISC", - "url" : "https://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities" - }, - { - "name" : "https://success.trendmicro.com/solution/1119349", - "refsource" : "CONFIRM", - "url" : "https://success.trendmicro.com/solution/1119349" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A SQL injection vulnerability in a Trend Micro Email Encryption Gateway 5.5 policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44166", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44166/" + }, + { + "name": "https://success.trendmicro.com/solution/1119349", + "refsource": "CONFIRM", + "url": "https://success.trendmicro.com/solution/1119349" + }, + { + "name": "https://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities", + "refsource": "MISC", + "url": "https://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6419.json b/2018/6xxx/CVE-2018-6419.json index 65fd657be36..aea962317c9 100644 --- a/2018/6xxx/CVE-2018-6419.json +++ b/2018/6xxx/CVE-2018-6419.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6419", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6419", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6850.json b/2018/6xxx/CVE-2018-6850.json index 627cda08ec4..f72ac6418c6 100644 --- a/2018/6xxx/CVE-2018-6850.json +++ b/2018/6xxx/CVE-2018-6850.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6850", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6850", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6929.json b/2018/6xxx/CVE-2018-6929.json index 95bd9f3b907..7c08327ef72 100644 --- a/2018/6xxx/CVE-2018-6929.json +++ b/2018/6xxx/CVE-2018-6929.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6929", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6929", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7158.json b/2018/7xxx/CVE-2018-7158.json index 07c8deb72b6..0ecd7286691 100644 --- a/2018/7xxx/CVE-2018-7158.json +++ b/2018/7xxx/CVE-2018-7158.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-request@iojs.org", - "DATE_PUBLIC" : "2018-03-21T00:00:00", - "ID" : "CVE-2018-7158", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Node.js", - "version" : { - "version_data" : [ - { - "version_value" : "4.x" - } - ] - } - } - ] - }, - "vendor_name" : "The Node.js Project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The `'path'` module in the Node.js 4.x release line contains a potential regular expression denial of service (ReDoS) vector. The code in question was replaced in Node.js 6.x and later so this vulnerability only impacts all versions of Node.js 4.x. The regular expression, `splitPathRe`, used within the `'path'` module for the various path parsing functions, including `path.dirname()`, `path.extname()` and `path.parse()` was structured in such a way as to allow an attacker to craft a string, that when passed through one of these functions, could take a significant amount of time to evaluate, potentially leading to a full denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-185: Incorrect Regular Expression" - } + "CVE_data_meta": { + "ASSIGNER": "cve-request@iojs.org", + "DATE_PUBLIC": "2018-03-21T00:00:00", + "ID": "CVE-2018-7158", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Node.js", + "version": { + "version_data": [ + { + "version_value": "4.x" + } + ] + } + } + ] + }, + "vendor_name": "The Node.js Project" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/", - "refsource" : "CONFIRM", - "url" : "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The `'path'` module in the Node.js 4.x release line contains a potential regular expression denial of service (ReDoS) vector. The code in question was replaced in Node.js 6.x and later so this vulnerability only impacts all versions of Node.js 4.x. The regular expression, `splitPathRe`, used within the `'path'` module for the various path parsing functions, including `path.dirname()`, `path.extname()` and `path.parse()` was structured in such a way as to allow an attacker to craft a string, that when passed through one of these functions, could take a significant amount of time to evaluate, potentially leading to a full denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-185: Incorrect Regular Expression" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/", + "refsource": "CONFIRM", + "url": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7559.json b/2018/7xxx/CVE-2018-7559.json index 69bbebd356b..c66247a805b 100644 --- a/2018/7xxx/CVE-2018-7559.json +++ b/2018/7xxx/CVE-2018-7559.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7559", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in OPC UA .NET Standard Stack and Sample Code before GitHub commit 2018-04-12, and OPC UA .NET Legacy Stack and Sample Code before GitHub commit 2018-03-13. A vulnerability in OPC UA applications can allow a remote attacker to determine a Server's private key by sending carefully constructed bad UserIdentityTokens as part of an oracle attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7559", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/OPCFoundation/UA-.NET-Legacy/commit/e2a781b38efb8686d2bd850c2f2372b5c670bc45", - "refsource" : "CONFIRM", - "url" : "https://github.com/OPCFoundation/UA-.NET-Legacy/commit/e2a781b38efb8686d2bd850c2f2372b5c670bc45" - }, - { - "name" : "https://github.com/OPCFoundation/UA-.NETStandard/commit/ebcf026a54dd0c9052cff009d96d827ac923d150", - "refsource" : "CONFIRM", - "url" : "https://github.com/OPCFoundation/UA-.NETStandard/commit/ebcf026a54dd0c9052cff009d96d827ac923d150" - }, - { - "name" : "https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2018-7559.pdf", - "refsource" : "CONFIRM", - "url" : "https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2018-7559.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in OPC UA .NET Standard Stack and Sample Code before GitHub commit 2018-04-12, and OPC UA .NET Legacy Stack and Sample Code before GitHub commit 2018-03-13. A vulnerability in OPC UA applications can allow a remote attacker to determine a Server's private key by sending carefully constructed bad UserIdentityTokens as part of an oracle attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2018-7559.pdf", + "refsource": "CONFIRM", + "url": "https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2018-7559.pdf" + }, + { + "name": "https://github.com/OPCFoundation/UA-.NETStandard/commit/ebcf026a54dd0c9052cff009d96d827ac923d150", + "refsource": "CONFIRM", + "url": "https://github.com/OPCFoundation/UA-.NETStandard/commit/ebcf026a54dd0c9052cff009d96d827ac923d150" + }, + { + "name": "https://github.com/OPCFoundation/UA-.NET-Legacy/commit/e2a781b38efb8686d2bd850c2f2372b5c670bc45", + "refsource": "CONFIRM", + "url": "https://github.com/OPCFoundation/UA-.NET-Legacy/commit/e2a781b38efb8686d2bd850c2f2372b5c670bc45" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7779.json b/2018/7xxx/CVE-2018-7779.json index 52adabb6cc8..c60a78051ab 100644 --- a/2018/7xxx/CVE-2018-7779.json +++ b/2018/7xxx/CVE-2018-7779.json @@ -1,69 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cybersecurity@se.com", - "DATE_PUBLIC" : "2018-04-19T00:00:00", - "ID" : "CVE-2018-7779", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Wiser for KNX", - "version" : { - "version_data" : [ - { - "version_value" : "Wiser for KNX, V2.1.0 and prior" - }, - { - "version_value" : "homeLYnk V2.0.1 and prior" - }, - { - "version_value" : "spaceLYnk V2.1.0 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Schneider Electric SE" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Schneider Electric Wiser for KNX V2.1.0 and prior, homeLYnk V2.0.1 and prior; and spaceLYnk V2.1.0 and prior, weak and unprotected FTP access could allow an attacker unauthorized access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Weak and unprotected FTP access" - } + "CVE_data_meta": { + "ASSIGNER": "cybersecurity@schneider-electric.com", + "DATE_PUBLIC": "2018-04-19T00:00:00", + "ID": "CVE-2018-7779", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Wiser for KNX", + "version": { + "version_data": [ + { + "version_value": "Wiser for KNX, V2.1.0 and prior" + }, + { + "version_value": "homeLYnk V2.0.1 and prior" + }, + { + "version_value": "spaceLYnk V2.1.0 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Schneider Electric SE" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-109-02/", - "refsource" : "CONFIRM", - "url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-109-02/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Schneider Electric Wiser for KNX V2.1.0 and prior, homeLYnk V2.0.1 and prior; and spaceLYnk V2.1.0 and prior, weak and unprotected FTP access could allow an attacker unauthorized access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Weak and unprotected FTP access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-109-02/", + "refsource": "CONFIRM", + "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-109-02/" + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0256.json b/2019/0xxx/CVE-2019-0256.json index 1d6907b3dde..daa83a8521c 100644 --- a/2019/0xxx/CVE-2019-0256.json +++ b/2019/0xxx/CVE-2019-0256.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cna@sap.com", - "ID" : "CVE-2019-0256", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SAP Business One Mobile Android App", - "version" : { - "version_data" : [ - { - "version_name" : "<", - "version_value" : "1.2.12" - } - ] - } - } - ] - }, - "vendor_name" : "SAP SE" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Under certain conditions SAP Business One Mobile Android App, version 1.2.12, allows an attacker to access information which would otherwise be restricted." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "cna@sap.com", + "ID": "CVE-2019-0256", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SAP Business One Mobile Android App", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "1.2.12" + } + ] + } + } + ] + }, + "vendor_name": "SAP SE" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://launchpad.support.sap.com/#/notes/2723878", - "refsource" : "MISC", - "url" : "https://launchpad.support.sap.com/#/notes/2723878" - }, - { - "name" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943", - "refsource" : "MISC", - "url" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943" - }, - { - "name" : "106995", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106995" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Under certain conditions SAP Business One Mobile Android App, version 1.2.12, allows an attacker to access information which would otherwise be restricted." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943", + "refsource": "MISC", + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943" + }, + { + "name": "https://launchpad.support.sap.com/#/notes/2723878", + "refsource": "MISC", + "url": "https://launchpad.support.sap.com/#/notes/2723878" + }, + { + "name": "106995", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106995" + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1238.json b/2019/1xxx/CVE-2019-1238.json index 0bc95c82ae1..92611009827 100644 --- a/2019/1xxx/CVE-2019-1238.json +++ b/2019/1xxx/CVE-2019-1238.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1238", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1238", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1488.json b/2019/1xxx/CVE-2019-1488.json index 82bfaa19b95..de93b9ce765 100644 --- a/2019/1xxx/CVE-2019-1488.json +++ b/2019/1xxx/CVE-2019-1488.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1488", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1488", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1590.json b/2019/1xxx/CVE-2019-1590.json index 205231e9148..b7e0d3ff2e0 100644 --- a/2019/1xxx/CVE-2019-1590.json +++ b/2019/1xxx/CVE-2019-1590.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1590", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1590", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5262.json b/2019/5xxx/CVE-2019-5262.json index 9d6fed2872e..d52a210270d 100644 --- a/2019/5xxx/CVE-2019-5262.json +++ b/2019/5xxx/CVE-2019-5262.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5262", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5262", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5456.json b/2019/5xxx/CVE-2019-5456.json index 3ca9fccfc46..cf27a29b581 100644 --- a/2019/5xxx/CVE-2019-5456.json +++ b/2019/5xxx/CVE-2019-5456.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5456", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5456", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5671.json b/2019/5xxx/CVE-2019-5671.json index dd80b4ad129..f767728cc09 100644 --- a/2019/5xxx/CVE-2019-5671.json +++ b/2019/5xxx/CVE-2019-5671.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@nvidia.com", - "DATE_PUBLIC" : "2019-02-22T00:00:00", - "ID" : "CVE-2019-5671", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "NVIDIA GPU Graphics Driver", - "version" : { - "version_data" : [ - { - "version_value" : "All" - } - ] - } - } - ] - }, - "vendor_name" : "Nvidia Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the software does not release a resource after its effective lifetime has ended, which may lead to denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@nvidia.com", + "DATE_PUBLIC": "2019-02-22T00:00:00", + "ID": "CVE-2019-5671", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NVIDIA GPU Graphics Driver", + "version": { + "version_data": [ + { + "version_value": "All" + } + ] + } + } + ] + }, + "vendor_name": "Nvidia Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/4772", - "refsource" : "CONFIRM", - "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/4772" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the software does not release a resource after its effective lifetime has ended, which may lead to denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4772", + "refsource": "CONFIRM", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4772" + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5881.json b/2019/5xxx/CVE-2019-5881.json index f9edf71ef78..7e30a2eafe4 100644 --- a/2019/5xxx/CVE-2019-5881.json +++ b/2019/5xxx/CVE-2019-5881.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5881", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5881", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file