From 43b39ba6f9fe717d40206ae306ed40885c8de19e Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 02:28:47 +0000 Subject: [PATCH] "-Synchronized-Data." --- 1999/0xxx/CVE-1999-0113.json | 120 ++++++------- 1999/0xxx/CVE-1999-0247.json | 130 +++++++------- 1999/0xxx/CVE-1999-0776.json | 120 ++++++------- 1999/0xxx/CVE-1999-0814.json | 120 ++++++------- 1999/1xxx/CVE-1999-1101.json | 120 ++++++------- 1999/1xxx/CVE-1999-1392.json | 150 ++++++++-------- 1999/1xxx/CVE-1999-1495.json | 140 +++++++-------- 2000/0xxx/CVE-2000-0055.json | 120 ++++++------- 2000/0xxx/CVE-2000-0056.json | 120 ++++++------- 2000/0xxx/CVE-2000-0318.json | 130 +++++++------- 2000/0xxx/CVE-2000-0427.json | 140 +++++++-------- 2000/0xxx/CVE-2000-0544.json | 130 +++++++------- 2000/0xxx/CVE-2000-0642.json | 140 +++++++-------- 2000/0xxx/CVE-2000-0897.json | 150 ++++++++-------- 2000/0xxx/CVE-2000-0920.json | 160 ++++++++--------- 2000/1xxx/CVE-2000-1105.json | 140 +++++++-------- 2000/1xxx/CVE-2000-1249.json | 34 ++-- 2005/2xxx/CVE-2005-2170.json | 170 +++++++++--------- 2005/2xxx/CVE-2005-2261.json | 340 +++++++++++++++++------------------ 2005/2xxx/CVE-2005-2352.json | 34 ++-- 2007/1xxx/CVE-2007-1499.json | 300 +++++++++++++++---------------- 2007/5xxx/CVE-2007-5188.json | 170 +++++++++--------- 2007/5xxx/CVE-2007-5437.json | 160 ++++++++--------- 2007/5xxx/CVE-2007-5610.json | 210 +++++++++++----------- 2007/5xxx/CVE-2007-5985.json | 260 +++++++++++++-------------- 2009/2xxx/CVE-2009-2445.json | 190 ++++++++++---------- 2009/2xxx/CVE-2009-2631.json | 340 +++++++++++++++++------------------ 2009/2xxx/CVE-2009-2635.json | 120 ++++++------- 2009/2xxx/CVE-2009-2839.json | 160 ++++++++--------- 2009/2xxx/CVE-2009-2885.json | 150 ++++++++-------- 2015/0xxx/CVE-2015-0193.json | 130 +++++++------- 2015/0xxx/CVE-2015-0680.json | 130 +++++++------- 2015/3xxx/CVE-2015-3080.json | 200 ++++++++++----------- 2015/3xxx/CVE-2015-3135.json | 180 +++++++++---------- 2015/3xxx/CVE-2015-3155.json | 170 +++++++++--------- 2015/3xxx/CVE-2015-3295.json | 140 +++++++-------- 2015/3xxx/CVE-2015-3390.json | 150 ++++++++-------- 2015/3xxx/CVE-2015-3615.json | 140 +++++++-------- 2015/4xxx/CVE-2015-4162.json | 130 +++++++------- 2015/4xxx/CVE-2015-4530.json | 130 +++++++------- 2015/4xxx/CVE-2015-4625.json | 230 ++++++++++++------------ 2015/4xxx/CVE-2015-4878.json | 170 +++++++++--------- 2015/8xxx/CVE-2015-8215.json | 260 +++++++++++++-------------- 2015/8xxx/CVE-2015-8395.json | 170 +++++++++--------- 2015/8xxx/CVE-2015-8893.json | 130 +++++++------- 2015/9xxx/CVE-2015-9018.json | 34 ++-- 2015/9xxx/CVE-2015-9084.json | 34 ++-- 2016/1xxx/CVE-2016-1367.json | 130 +++++++------- 2016/5xxx/CVE-2016-5154.json | 230 ++++++++++++------------ 2016/5xxx/CVE-2016-5643.json | 34 ++-- 2016/5xxx/CVE-2016-5674.json | 140 +++++++-------- 2016/5xxx/CVE-2016-5736.json | 130 +++++++------- 2018/2xxx/CVE-2018-2001.json | 34 ++-- 2018/2xxx/CVE-2018-2067.json | 34 ++-- 2018/2xxx/CVE-2018-2147.json | 34 ++-- 2018/2xxx/CVE-2018-2394.json | 164 ++++++++--------- 2018/6xxx/CVE-2018-6197.json | 160 ++++++++--------- 2018/6xxx/CVE-2018-6257.json | 122 ++++++------- 2018/6xxx/CVE-2018-6260.json | 140 +++++++-------- 2018/6xxx/CVE-2018-6464.json | 120 ++++++------- 2018/6xxx/CVE-2018-6899.json | 34 ++-- 2019/0xxx/CVE-2019-0099.json | 34 ++-- 2019/0xxx/CVE-2019-0317.json | 34 ++-- 2019/0xxx/CVE-2019-0683.json | 34 ++-- 2019/1xxx/CVE-2019-1322.json | 34 ++-- 2019/1xxx/CVE-2019-1690.json | 180 +++++++++---------- 2019/1xxx/CVE-2019-1724.json | 34 ++-- 2019/1xxx/CVE-2019-1767.json | 34 ++-- 2019/1xxx/CVE-2019-1955.json | 34 ++-- 2019/5xxx/CVE-2019-5226.json | 34 ++-- 2019/5xxx/CVE-2019-5543.json | 34 ++-- 2019/5xxx/CVE-2019-5672.json | 34 ++-- 2019/5xxx/CVE-2019-5697.json | 34 ++-- 73 files changed, 4678 insertions(+), 4678 deletions(-) diff --git a/1999/0xxx/CVE-1999-0113.json b/1999/0xxx/CVE-1999-0113.json index 10dc3f3e9e6..c50d23821a5 100644 --- a/1999/0xxx/CVE-1999-0113.json +++ b/1999/0xxx/CVE-1999-0113.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0113", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Some implementations of rlogin allow root access if given a -froot parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0113", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "458", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/458" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Some implementations of rlogin allow root access if given a -froot parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "458", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/458" + } + ] + } +} \ No newline at end of file diff --git a/1999/0xxx/CVE-1999-0247.json b/1999/0xxx/CVE-1999-0247.json index 4f5f6f7dc52..9ddfff24047 100644 --- a/1999/0xxx/CVE-1999-0247.json +++ b/1999/0xxx/CVE-1999-0247.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0247", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in nnrpd program in INN up to version 1.6 allows remote users to execute arbitrary commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0247", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19970721 INN news server vulnerabilities", - "refsource" : "NAI", - "url" : "http://www.nai.com/nai_labs/asp_set/advisory/17_inn_avd.asp" - }, - { - "name" : "1443", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1443" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in nnrpd program in INN up to version 1.6 allows remote users to execute arbitrary commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1443", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1443" + }, + { + "name": "19970721 INN news server vulnerabilities", + "refsource": "NAI", + "url": "http://www.nai.com/nai_labs/asp_set/advisory/17_inn_avd.asp" + } + ] + } +} \ No newline at end of file diff --git a/1999/0xxx/CVE-1999-0776.json b/1999/0xxx/CVE-1999-0776.json index 41730ae904d..c40c79442f6 100644 --- a/1999/0xxx/CVE-1999-0776.json +++ b/1999/0xxx/CVE-1999-0776.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0776", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Alibaba HTTP server allows remote attackers to read files via a .. (dot dot) attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0776", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19990506 \"..\"-hole in Alibaba 2.0", - "refsource" : "NTBUGTRAQ", - "url" : "http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9905&L=NTBUGTRAQ&P=R1533" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Alibaba HTTP server allows remote attackers to read files via a .. (dot dot) attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19990506 \"..\"-hole in Alibaba 2.0", + "refsource": "NTBUGTRAQ", + "url": "http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9905&L=NTBUGTRAQ&P=R1533" + } + ] + } +} \ No newline at end of file diff --git a/1999/0xxx/CVE-1999-0814.json b/1999/0xxx/CVE-1999-0814.json index ba7373edc40..38f9ac8c19a 100644 --- a/1999/0xxx/CVE-1999-0814.json +++ b/1999/0xxx/CVE-1999-0814.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0814", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Red Hat pump DHCP client allows remote attackers to gain root access in some configurations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0814", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "RHSA-1999:027", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-1999-027.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Red Hat pump DHCP client allows remote attackers to gain root access in some configurations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-1999:027", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-1999-027.html" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1101.json b/1999/1xxx/CVE-1999-1101.json index 68f9dc4681f..6919dbc3f98 100644 --- a/1999/1xxx/CVE-1999-1101.json +++ b/1999/1xxx/CVE-1999-1101.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1101", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Kabsoftware Lydia utility uses weak encryption to store user passwords in the lydia.ini file, which allows local users to easily decrypt the passwords and gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1101", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19990219 Yet Another password storing problem (was: Re: Possible Netscape Crypto Security Flaw)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/12618" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Kabsoftware Lydia utility uses weak encryption to store user passwords in the lydia.ini file, which allows local users to easily decrypt the passwords and gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19990219 Yet Another password storing problem (was: Re: Possible Netscape Crypto Security Flaw)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/12618" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1392.json b/1999/1xxx/CVE-1999-1392.json index 6b13b95c337..837492c4735 100644 --- a/1999/1xxx/CVE-1999-1392.json +++ b/1999/1xxx/CVE-1999-1392.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1392", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in restore0.9 installation script in NeXT 1.0a and 1.0 allows local users to gain root privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1392", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "CA-1990-06", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-1990-06.html" - }, - { - "name" : "B-01", - "refsource" : "CIAC", - "url" : "http://ciac.llnl.gov/ciac/bulletins/b-01.shtml" - }, - { - "name" : "9", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9" - }, - { - "name" : "nextstep-restore09-root-access(7144)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7144.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in restore0.9 installation script in NeXT 1.0a and 1.0 allows local users to gain root privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "CA-1990-06", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-1990-06.html" + }, + { + "name": "9", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9" + }, + { + "name": "nextstep-restore09-root-access(7144)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7144.php" + }, + { + "name": "B-01", + "refsource": "CIAC", + "url": "http://ciac.llnl.gov/ciac/bulletins/b-01.shtml" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1495.json b/1999/1xxx/CVE-1999-1495.json index f51f3a7f506..f72311eb1f9 100644 --- a/1999/1xxx/CVE-1999-1495.json +++ b/1999/1xxx/CVE-1999-1495.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1495", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "xtvscreen in SuSE Linux 6.0 allows local users to overwrite arbitrary files via a symlink attack on the pic000.pnm file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1495", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19990218 xtvscreen and suse 6 ", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/12580" - }, - { - "name" : "xtvscreen-overwrite(1792)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/1792" - }, - { - "name" : "325", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/325" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "xtvscreen in SuSE Linux 6.0 allows local users to overwrite arbitrary files via a symlink attack on the pic000.pnm file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "xtvscreen-overwrite(1792)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1792" + }, + { + "refsource": "BUGTRAQ", + "name": "19990218 xtvscreen and suse 6", + "url": "http://www.securityfocus.com/archive/1/12580" + }, + { + "name": "325", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/325" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0055.json b/2000/0xxx/CVE-2000-0055.json index 95a2e1d4c56..8845d3d4d6e 100644 --- a/2000/0xxx/CVE-2000-0055.json +++ b/2000/0xxx/CVE-2000-0055.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0055", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Solaris chkperm command allows local users to gain root access via a long -n option." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0055", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "918", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/918" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Solaris chkperm command allows local users to gain root access via a long -n option." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "918", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/918" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0056.json b/2000/0xxx/CVE-2000-0056.json index 7631aff1bf2..42ccf3a5cde 100644 --- a/2000/0xxx/CVE-2000-0056.json +++ b/2000/0xxx/CVE-2000-0056.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0056", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IMail IMONITOR status.cgi CGI script allows remote attackers to cause a denial of service with many calls to status.cgi." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0056", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "914", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/914" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IMail IMONITOR status.cgi CGI script allows remote attackers to cause a denial of service with many calls to status.cgi." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "914", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/914" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0318.json b/2000/0xxx/CVE-2000-0318.json index be7d9fce9d6..649f182e7e8 100644 --- a/2000/0xxx/CVE-2000-0318.json +++ b/2000/0xxx/CVE-2000-0318.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0318", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Atrium Mercur Mail Server 3.2 allows local attackers to read other user's email and create arbitrary files via a dot dot (..) attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0318", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000413 Security problems with Atrium Mercur Mailserver 3.20", - "refsource" : "NTBUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0057.html" - }, - { - "name" : "1144", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1144" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Atrium Mercur Mail Server 3.2 allows local attackers to read other user's email and create arbitrary files via a dot dot (..) attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20000413 Security problems with Atrium Mercur Mailserver 3.20", + "refsource": "NTBUGTRAQ", + "url": "http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0057.html" + }, + { + "name": "1144", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1144" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0427.json b/2000/0xxx/CVE-2000-0427.json index 4721477d9f3..d1db05eeaf9 100644 --- a/2000/0xxx/CVE-2000-0427.json +++ b/2000/0xxx/CVE-2000-0427.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0427", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Aladdin Knowledge Systems eToken device allows attackers with physical access to the device to obtain sensitive information without knowing the PIN of the owner by resetting the PIN in the EEPROM." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0427", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000504 eToken Private Information Extraction and Physical Attack", - "refsource" : "L0PHT", - "url" : "http://www.l0pht.com/advisories/etoken-piepa.txt" - }, - { - "name" : "1170", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1170" - }, - { - "name" : "3266", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3266" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Aladdin Knowledge Systems eToken device allows attackers with physical access to the device to obtain sensitive information without knowing the PIN of the owner by resetting the PIN in the EEPROM." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1170", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1170" + }, + { + "name": "3266", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3266" + }, + { + "name": "20000504 eToken Private Information Extraction and Physical Attack", + "refsource": "L0PHT", + "url": "http://www.l0pht.com/advisories/etoken-piepa.txt" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0544.json b/2000/0xxx/CVE-2000-0544.json index 9d44be50dec..184bbf980f3 100644 --- a/2000/0xxx/CVE-2000-0544.json +++ b/2000/0xxx/CVE-2000-0544.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0544", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Windows NT and Windows 2000 hosts allow a remote attacker to cause a denial of service via malformed DCE/RPC SMBwriteX requests that contain an invalid data length." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0544", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000604 anonymous SMBwriteX DoS", - "refsource" : "NTBUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0231.html" - }, - { - "name" : "1304", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1304" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Windows NT and Windows 2000 hosts allow a remote attacker to cause a denial of service via malformed DCE/RPC SMBwriteX requests that contain an invalid data length." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1304", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1304" + }, + { + "name": "20000604 anonymous SMBwriteX DoS", + "refsource": "NTBUGTRAQ", + "url": "http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0231.html" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0642.json b/2000/0xxx/CVE-2000-0642.json index 7e98ff0b9b0..1b8f1ffee0a 100644 --- a/2000/0xxx/CVE-2000-0642.json +++ b/2000/0xxx/CVE-2000-0642.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0642", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration of WebActive HTTP Server 1.00 stores the web access log active.log in the document root, which allows remote attackers to view the logs by directly requesting the page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0642", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000711 Lame DoS in WEBactive win65/NT server", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/templates/archive.pike?list=1&msg=200007130827.BAA32671@Rage.Resentment.org" - }, - { - "name" : "1497", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1497" - }, - { - "name" : "webactive-active-log(5184)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5184" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration of WebActive HTTP Server 1.00 stores the web access log active.log in the document root, which allows remote attackers to view the logs by directly requesting the page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "webactive-active-log(5184)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5184" + }, + { + "name": "1497", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1497" + }, + { + "name": "20000711 Lame DoS in WEBactive win65/NT server", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/templates/archive.pike?list=1&msg=200007130827.BAA32671@Rage.Resentment.org" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0897.json b/2000/0xxx/CVE-2000-0897.json index a94d3ab3450..65d89f1788f 100644 --- a/2000/0xxx/CVE-2000-0897.json +++ b/2000/0xxx/CVE-2000-0897.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0897", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Small HTTP Server 2.03 and earlier allows remote attackers to cause a denial of service by repeatedly requesting a URL that references a directory that does not contain an index.html file, which consumes memory that is not released after the request is completed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0897", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001114 Vulnerabilites in SmallHTTP Server", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=97421834001092&w=2" - }, - { - "name" : "http://home.lanck.net/mf/srv/index.htm", - "refsource" : "CONFIRM", - "url" : "http://home.lanck.net/mf/srv/index.htm" - }, - { - "name" : "1941", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1941" - }, - { - "name" : "small-http-nofile-dos(5524)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5524" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Small HTTP Server 2.03 and earlier allows remote attackers to cause a denial of service by repeatedly requesting a URL that references a directory that does not contain an index.html file, which consumes memory that is not released after the request is completed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20001114 Vulnerabilites in SmallHTTP Server", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=97421834001092&w=2" + }, + { + "name": "1941", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1941" + }, + { + "name": "small-http-nofile-dos(5524)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5524" + }, + { + "name": "http://home.lanck.net/mf/srv/index.htm", + "refsource": "CONFIRM", + "url": "http://home.lanck.net/mf/srv/index.htm" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0920.json b/2000/0xxx/CVE-2000-0920.json index 6f5c370ac0b..d8ebf8e74bb 100644 --- a/2000/0xxx/CVE-2000-0920.json +++ b/2000/0xxx/CVE-2000-0920.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0920", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in BOA web server 0.94.8.2 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack in the GET HTTP request that uses a \"%2E\" instead of a \".\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0920", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001006 Vulnerability in BOA web server v0.94.8.2", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-10/0092.html" - }, - { - "name" : "FreeBSD-SA-00:60", - "refsource" : "FREEBSD", - "url" : "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:60.boa.asc" - }, - { - "name" : "20001009 boa: exposes contents of local files", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2000/20001009" - }, - { - "name" : "1770", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1770" - }, - { - "name" : "boa-webserver-get-dir-traversal(5330)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5330" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in BOA web server 0.94.8.2 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack in the GET HTTP request that uses a \"%2E\" instead of a \".\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FreeBSD-SA-00:60", + "refsource": "FREEBSD", + "url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:60.boa.asc" + }, + { + "name": "20001006 Vulnerability in BOA web server v0.94.8.2", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0092.html" + }, + { + "name": "boa-webserver-get-dir-traversal(5330)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5330" + }, + { + "name": "1770", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1770" + }, + { + "name": "20001009 boa: exposes contents of local files", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2000/20001009" + } + ] + } +} \ No newline at end of file diff --git a/2000/1xxx/CVE-2000-1105.json b/2000/1xxx/CVE-2000-1105.json index c59e51e44cb..9a2e12a410b 100644 --- a/2000/1xxx/CVE-2000-1105.json +++ b/2000/1xxx/CVE-2000-1105.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-1105", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ixsso.query ActiveX Object is marked as safe for scripting, which allows malicious web site operators to embed a script that remotely determines the existence of files on visiting Windows 2000 systems that have Indexing Services enabled." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-1105", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001110 IE 5.x Win2000 Indexing service vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/144270" - }, - { - "name" : "20001110 IE 5.x Win2000 Indexing service vulnerability", - "refsource" : "WIN2KSEC", - "url" : "http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0074.html" - }, - { - "name" : "1933", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1933" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ixsso.query ActiveX Object is marked as safe for scripting, which allows malicious web site operators to embed a script that remotely determines the existence of files on visiting Windows 2000 systems that have Indexing Services enabled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1933", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1933" + }, + { + "name": "20001110 IE 5.x Win2000 Indexing service vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/144270" + }, + { + "name": "20001110 IE 5.x Win2000 Indexing service vulnerability", + "refsource": "WIN2KSEC", + "url": "http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0074.html" + } + ] + } +} \ No newline at end of file diff --git a/2000/1xxx/CVE-2000-1249.json b/2000/1xxx/CVE-2000-1249.json index 9d7edd5b5ff..3997c3b9dca 100644 --- a/2000/1xxx/CVE-2000-1249.json +++ b/2000/1xxx/CVE-2000-1249.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-1249", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-1249", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2170.json b/2005/2xxx/CVE-2005-2170.json index 9bfd9b5b5c5..61ba6f7348c 100644 --- a/2005/2xxx/CVE-2005-2170.json +++ b/2005/2xxx/CVE-2005-2170.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2170", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The LCF component (lcfd) in IBM Tivoli Management Framework Endpoint allows remote attackers to cause a denial of service (process exit and connection loss) by connecting to LCF and ending the connection without sending any data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2170", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-1.ibm.com/support/entdocview.wss?uid=swg21210334", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/entdocview.wss?uid=swg21210334" - }, - { - "name" : "http://www.corsaire.com/advisories/c041127-001.txt", - "refsource" : "MISC", - "url" : "http://www.corsaire.com/advisories/c041127-001.txt" - }, - { - "name" : "14194", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14194" - }, - { - "name" : "ADV-2005-1018", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/1018" - }, - { - "name" : "1014424", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014424" - }, - { - "name" : "15953", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15953" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The LCF component (lcfd) in IBM Tivoli Management Framework Endpoint allows remote attackers to cause a denial of service (process exit and connection loss) by connecting to LCF and ending the connection without sending any data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15953", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15953" + }, + { + "name": "14194", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14194" + }, + { + "name": "http://www-1.ibm.com/support/entdocview.wss?uid=swg21210334", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/entdocview.wss?uid=swg21210334" + }, + { + "name": "1014424", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014424" + }, + { + "name": "ADV-2005-1018", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/1018" + }, + { + "name": "http://www.corsaire.com/advisories/c041127-001.txt", + "refsource": "MISC", + "url": "http://www.corsaire.com/advisories/c041127-001.txt" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2261.json b/2005/2xxx/CVE-2005-2261.json index d6abc7f7c52..c097a9ae369 100644 --- a/2005/2xxx/CVE-2005-2261.json +++ b/2005/2xxx/CVE-2005-2261.json @@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2261", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, Netscape 8.0.2, and K-Meleon 0.9 runs XBL scripts even when Javascript has been disabled, which makes it easier for remote attackers to bypass such protection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-2261", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.networksecurity.fi/advisories/netscape-multiple-issues.html", - "refsource" : "MISC", - "url" : "http://www.networksecurity.fi/advisories/netscape-multiple-issues.html" - }, - { - "name" : "http://www.mozilla.org/security/announce/mfsa2005-46.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/mfsa2005-46.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=292591", - "refsource" : "MISC", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=292591" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=292589", - "refsource" : "MISC", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=292589" - }, - { - "name" : "DSA-810", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-810" - }, - { - "name" : "FLSA:160202", - "refsource" : "FEDORA", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202" - }, - { - "name" : "RHSA-2005:586", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-586.html" - }, - { - "name" : "RHSA-2005:587", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-587.html" - }, - { - "name" : "RHSA-2005:601", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-601.html" - }, - { - "name" : "SUSE-SA:2006:022", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_04_25.html" - }, - { - "name" : "SUSE-SA:2005:045", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html" - }, - { - "name" : "SUSE-SR:2005:018", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_18_sr.html" - }, - { - "name" : "P-252", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/p-252.shtml" - }, - { - "name" : "14242", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14242" - }, - { - "name" : "oval:org.mitre.oval:def:10947", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10947" - }, - { - "name" : "ADV-2005-1075", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/1075" - }, - { - "name" : "oval:org.mitre.oval:def:100012", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100012" - }, - { - "name" : "oval:org.mitre.oval:def:1348", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1348" - }, - { - "name" : "oval:org.mitre.oval:def:808", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A808" - }, - { - "name" : "16043", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16043" - }, - { - "name" : "16044", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16044" - }, - { - "name" : "16059", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16059" - }, - { - "name" : "19823", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19823" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, Netscape 8.0.2, and K-Meleon 0.9 runs XBL scripts even when Javascript has been disabled, which makes it easier for remote attackers to bypass such protection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-810", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-810" + }, + { + "name": "SUSE-SR:2005:018", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_18_sr.html" + }, + { + "name": "P-252", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/p-252.shtml" + }, + { + "name": "oval:org.mitre.oval:def:808", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A808" + }, + { + "name": "FLSA:160202", + "refsource": "FEDORA", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202" + }, + { + "name": "19823", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19823" + }, + { + "name": "RHSA-2005:587", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-587.html" + }, + { + "name": "16059", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16059" + }, + { + "name": "16044", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16044" + }, + { + "name": "ADV-2005-1075", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/1075" + }, + { + "name": "RHSA-2005:601", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-601.html" + }, + { + "name": "http://www.networksecurity.fi/advisories/netscape-multiple-issues.html", + "refsource": "MISC", + "url": "http://www.networksecurity.fi/advisories/netscape-multiple-issues.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=292591", + "refsource": "MISC", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=292591" + }, + { + "name": "http://www.mozilla.org/security/announce/mfsa2005-46.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/mfsa2005-46.html" + }, + { + "name": "oval:org.mitre.oval:def:10947", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10947" + }, + { + "name": "SUSE-SA:2005:045", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html" + }, + { + "name": "oval:org.mitre.oval:def:1348", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1348" + }, + { + "name": "14242", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14242" + }, + { + "name": "RHSA-2005:586", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-586.html" + }, + { + "name": "16043", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16043" + }, + { + "name": "oval:org.mitre.oval:def:100012", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100012" + }, + { + "name": "SUSE-SA:2006:022", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_04_25.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=292589", + "refsource": "MISC", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=292589" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2352.json b/2005/2xxx/CVE-2005-2352.json index 5a37a25d0ed..43c39385546 100644 --- a/2005/2xxx/CVE-2005-2352.json +++ b/2005/2xxx/CVE-2005-2352.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2352", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2352", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1499.json b/2007/1xxx/CVE-2007-1499.json index c45d7de027a..65e221e6184 100644 --- a/2007/1xxx/CVE-2007-1499.json +++ b/2007/1xxx/CVE-2007-1499.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1499", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the \"Navigation Canceled\" page and injects the script into the \"Refresh the page\" link, aka Navigation Cancel Page Spoofing Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1499", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070314 Phishing using IE7 local resource vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/462833/100/0/threaded" - }, - { - "name" : "20070315 RE: Phishing using IE7 local resource vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/462945/100/0/threaded" - }, - { - "name" : "20070315 Re: Phishing using IE7 local resource vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/462939/100/0/threaded" - }, - { - "name" : "http://aviv.raffon.net/2007/03/14/PhishingUsingIE7LocalResourceVulnerability.aspx", - "refsource" : "MISC", - "url" : "http://aviv.raffon.net/2007/03/14/PhishingUsingIE7LocalResourceVulnerability.aspx" - }, - { - "name" : "http://news.com.com/2100-1002_3-6167410.html", - "refsource" : "MISC", - "url" : "http://news.com.com/2100-1002_3-6167410.html" - }, - { - "name" : "HPSBST02231", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/471947/100/0/threaded" - }, - { - "name" : "SSRT071438", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/471947/100/0/threaded" - }, - { - "name" : "MS07-033", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033" - }, - { - "name" : "TA07-163A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-163A.html" - }, - { - "name" : "22966", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22966" - }, - { - "name" : "35352", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35352" - }, - { - "name" : "ADV-2007-0946", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0946" - }, - { - "name" : "ADV-2007-2153", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2153" - }, - { - "name" : "oval:org.mitre.oval:def:1715", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1715" - }, - { - "name" : "1018235", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1018235" - }, - { - "name" : "24535", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24535" - }, - { - "name" : "25627", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25627" - }, - { - "name" : "2448", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2448" - }, - { - "name" : "ie-navcancl-xss(33026)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33026" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the \"Navigation Canceled\" page and injects the script into the \"Refresh the page\" link, aka Navigation Cancel Page Spoofing Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22966", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22966" + }, + { + "name": "2448", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2448" + }, + { + "name": "35352", + "refsource": "OSVDB", + "url": "http://osvdb.org/35352" + }, + { + "name": "ADV-2007-0946", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0946" + }, + { + "name": "oval:org.mitre.oval:def:1715", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1715" + }, + { + "name": "25627", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25627" + }, + { + "name": "http://aviv.raffon.net/2007/03/14/PhishingUsingIE7LocalResourceVulnerability.aspx", + "refsource": "MISC", + "url": "http://aviv.raffon.net/2007/03/14/PhishingUsingIE7LocalResourceVulnerability.aspx" + }, + { + "name": "SSRT071438", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded" + }, + { + "name": "ie-navcancl-xss(33026)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33026" + }, + { + "name": "1018235", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1018235" + }, + { + "name": "24535", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24535" + }, + { + "name": "ADV-2007-2153", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2153" + }, + { + "name": "TA07-163A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html" + }, + { + "name": "http://news.com.com/2100-1002_3-6167410.html", + "refsource": "MISC", + "url": "http://news.com.com/2100-1002_3-6167410.html" + }, + { + "name": "20070315 Re: Phishing using IE7 local resource vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/462939/100/0/threaded" + }, + { + "name": "20070315 RE: Phishing using IE7 local resource vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/462945/100/0/threaded" + }, + { + "name": "MS07-033", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033" + }, + { + "name": "20070314 Phishing using IE7 local resource vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/462833/100/0/threaded" + }, + { + "name": "HPSBST02231", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5188.json b/2007/5xxx/CVE-2007-5188.json index 4cbc5cc3ef7..de3762ecf0a 100644 --- a/2007/5xxx/CVE-2007-5188.json +++ b/2007/5xxx/CVE-2007-5188.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5188", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the XOOPS uploader class in Xoops 2.0.17.1-RC1 and earlier allows remote attackers to upload arbitrary files via unspecified vectors related to improper upload configuration settings in class/uploader.php and class/mimetypes.inc.php, possibly an incomplete blacklist that omits the .php4 extension." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5188", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?group_id=41586&release_id=543338", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?group_id=41586&release_id=543338" - }, - { - "name" : "http://www.xoops.org/modules/news/article.php?storyid=3963", - "refsource" : "CONFIRM", - "url" : "http://www.xoops.org/modules/news/article.php?storyid=3963" - }, - { - "name" : "25878", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25878" - }, - { - "name" : "ADV-2007-3315", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3315" - }, - { - "name" : "41386", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41386" - }, - { - "name" : "27006", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27006" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the XOOPS uploader class in Xoops 2.0.17.1-RC1 and earlier allows remote attackers to upload arbitrary files via unspecified vectors related to improper upload configuration settings in class/uploader.php and class/mimetypes.inc.php, possibly an incomplete blacklist that omits the .php4 extension." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.xoops.org/modules/news/article.php?storyid=3963", + "refsource": "CONFIRM", + "url": "http://www.xoops.org/modules/news/article.php?storyid=3963" + }, + { + "name": "27006", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27006" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?group_id=41586&release_id=543338", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?group_id=41586&release_id=543338" + }, + { + "name": "ADV-2007-3315", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3315" + }, + { + "name": "41386", + "refsource": "OSVDB", + "url": "http://osvdb.org/41386" + }, + { + "name": "25878", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25878" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5437.json b/2007/5xxx/CVE-2007-5437.json index 8ef8109fe9a..a796babdffc 100644 --- a/2007/5xxx/CVE-2007-5437.json +++ b/2007/5xxx/CVE-2007-5437.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5437", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web console in CA (formerly Computer Associates) eTrust ITM (Threat Manager) 8.1 allows remote attackers to redirect users to arbitrary web sites via a crafted HTTP URL on port 6689." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5437", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071010 [ELEYTT] 10PAZDZIERNIK2007", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/482021/100/0/threaded" - }, - { - "name" : "http://www.eleytt.com/advisories/eleytt_ETRUSTITM2.pdf", - "refsource" : "MISC", - "url" : "http://www.eleytt.com/advisories/eleytt_ETRUSTITM2.pdf" - }, - { - "name" : "26013", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26013" - }, - { - "name" : "43482", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/43482" - }, - { - "name" : "3219", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3219" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web console in CA (formerly Computer Associates) eTrust ITM (Threat Manager) 8.1 allows remote attackers to redirect users to arbitrary web sites via a crafted HTTP URL on port 6689." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3219", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3219" + }, + { + "name": "20071010 [ELEYTT] 10PAZDZIERNIK2007", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/482021/100/0/threaded" + }, + { + "name": "26013", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26013" + }, + { + "name": "http://www.eleytt.com/advisories/eleytt_ETRUSTITM2.pdf", + "refsource": "MISC", + "url": "http://www.eleytt.com/advisories/eleytt_ETRUSTITM2.pdf" + }, + { + "name": "43482", + "refsource": "OSVDB", + "url": "http://osvdb.org/43482" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5610.json b/2007/5xxx/CVE-2007-5610.json index 95e1e7a25be..cdaafc376ff 100644 --- a/2007/5xxx/CVE-2007-5610.json +++ b/2007/5xxx/CVE-2007-5610.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5610", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DeleteSingleFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to delete an arbitrary file via a full pathname in the argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2007-5610", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.csis.dk/dk/forside/CSIS-RI-0003.pdf", - "refsource" : "MISC", - "url" : "http://www.csis.dk/dk/forside/CSIS-RI-0003.pdf" - }, - { - "name" : "HPSBMA02326", - "refsource" : "HP", - "url" : "http://www12.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01422264" - }, - { - "name" : "SSRT071490", - "refsource" : "HP", - "url" : "http://www12.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01422264" - }, - { - "name" : "VU#857539", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/857539" - }, - { - "name" : "29526", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29526" - }, - { - "name" : "29536", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29536" - }, - { - "name" : "ADV-2008-1740", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1740/references" - }, - { - "name" : "1020165", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020165" - }, - { - "name" : "30516", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30516" - }, - { - "name" : "hp-instantsupport-deletesingle-file-deletion(42852)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42852" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The DeleteSingleFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to delete an arbitrary file via a full pathname in the argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#857539", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/857539" + }, + { + "name": "30516", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30516" + }, + { + "name": "HPSBMA02326", + "refsource": "HP", + "url": "http://www12.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01422264" + }, + { + "name": "29526", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29526" + }, + { + "name": "hp-instantsupport-deletesingle-file-deletion(42852)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42852" + }, + { + "name": "ADV-2008-1740", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1740/references" + }, + { + "name": "http://www.csis.dk/dk/forside/CSIS-RI-0003.pdf", + "refsource": "MISC", + "url": "http://www.csis.dk/dk/forside/CSIS-RI-0003.pdf" + }, + { + "name": "29536", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29536" + }, + { + "name": "1020165", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020165" + }, + { + "name": "SSRT071490", + "refsource": "HP", + "url": "http://www12.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01422264" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5985.json b/2007/5xxx/CVE-2007-5985.json index 3247d2636ef..697120a7468 100644 --- a/2007/5xxx/CVE-2007-5985.json +++ b/2007/5xxx/CVE-2007-5985.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5985", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in BtiTracker before 1.4.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) account.php, (2) moresmiles.php, or (3) recover.php; or (4) the \"to\" parameter to usercp.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5985", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/forum/forum.php?forum_id=752472", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/forum/forum.php?forum_id=752472" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?group_id=146822&release_id=552477", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?group_id=146822&release_id=552477" - }, - { - "name" : "http://sourceforge.net/tracker/index.php?func=detail&aid=1753797&group_id=146822&atid=766508", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/tracker/index.php?func=detail&aid=1753797&group_id=146822&atid=766508" - }, - { - "name" : "26551", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26551" - }, - { - "name" : "38751", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38751" - }, - { - "name" : "38752", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38752" - }, - { - "name" : "38753", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38753" - }, - { - "name" : "38754", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38754" - }, - { - "name" : "42219", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/42219" - }, - { - "name" : "42220", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/42220" - }, - { - "name" : "42221", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/42221" - }, - { - "name" : "42222", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/42222" - }, - { - "name" : "27550", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27550" - }, - { - "name" : "btitracker-multiple-scripts-xss(38413)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38413" - }, - { - "name" : "btitracker-usercp-xss(38414)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38414" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in BtiTracker before 1.4.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) account.php, (2) moresmiles.php, or (3) recover.php; or (4) the \"to\" parameter to usercp.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38753", + "refsource": "OSVDB", + "url": "http://osvdb.org/38753" + }, + { + "name": "42219", + "refsource": "OSVDB", + "url": "http://osvdb.org/42219" + }, + { + "name": "http://sourceforge.net/tracker/index.php?func=detail&aid=1753797&group_id=146822&atid=766508", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/tracker/index.php?func=detail&aid=1753797&group_id=146822&atid=766508" + }, + { + "name": "btitracker-multiple-scripts-xss(38413)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38413" + }, + { + "name": "btitracker-usercp-xss(38414)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38414" + }, + { + "name": "38754", + "refsource": "OSVDB", + "url": "http://osvdb.org/38754" + }, + { + "name": "42222", + "refsource": "OSVDB", + "url": "http://osvdb.org/42222" + }, + { + "name": "42220", + "refsource": "OSVDB", + "url": "http://osvdb.org/42220" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?group_id=146822&release_id=552477", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?group_id=146822&release_id=552477" + }, + { + "name": "38751", + "refsource": "OSVDB", + "url": "http://osvdb.org/38751" + }, + { + "name": "http://sourceforge.net/forum/forum.php?forum_id=752472", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/forum/forum.php?forum_id=752472" + }, + { + "name": "27550", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27550" + }, + { + "name": "26551", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26551" + }, + { + "name": "42221", + "refsource": "OSVDB", + "url": "http://osvdb.org/42221" + }, + { + "name": "38752", + "refsource": "OSVDB", + "url": "http://osvdb.org/38752" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2445.json b/2009/2xxx/CVE-2009-2445.json index c504c986fe8..9cbbdb37f95 100644 --- a/2009/2xxx/CVE-2009-2445.json +++ b/2009/2xxx/CVE-2009-2445.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2445", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Oracle iPlanet Web Server (formerly Sun Java System Web Server or Sun ONE Web Server) 6.1 before SP12, and 7.0 through Update 6, when running on Windows, allows remote attackers to read arbitrary JSP files via an alternate data stream syntax, as demonstrated by a .jsp::$DATA URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2445", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://isowarez.de/SunOne_Webserver.txt", - "refsource" : "MISC", - "url" : "http://isowarez.de/SunOne_Webserver.txt" - }, - { - "name" : "266429", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-266429-1" - }, - { - "name" : "JVN#47124169", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN47124169/index.html" - }, - { - "name" : "JVNDB-2009-002069", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2009-002069" - }, - { - "name" : "55655", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/55655" - }, - { - "name" : "1022511", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1022511" - }, - { - "name" : "35701", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35701" - }, - { - "name" : "ADV-2009-1786", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1786" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Oracle iPlanet Web Server (formerly Sun Java System Web Server or Sun ONE Web Server) 6.1 before SP12, and 7.0 through Update 6, when running on Windows, allows remote attackers to read arbitrary JSP files via an alternate data stream syntax, as demonstrated by a .jsp::$DATA URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#47124169", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN47124169/index.html" + }, + { + "name": "266429", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-266429-1" + }, + { + "name": "35701", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35701" + }, + { + "name": "ADV-2009-1786", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1786" + }, + { + "name": "JVNDB-2009-002069", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2009-002069" + }, + { + "name": "55655", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/55655" + }, + { + "name": "1022511", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1022511" + }, + { + "name": "http://isowarez.de/SunOne_Webserver.txt", + "refsource": "MISC", + "url": "http://isowarez.de/SunOne_Webserver.txt" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2631.json b/2009/2xxx/CVE-2009-2631.json index d55c2f4f6ef..326183a246d 100644 --- a/2009/2xxx/CVE-2009-2631.json +++ b/2009/2xxx/CVE-2009-2631.json @@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2631", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple clientless SSL VPN products that run in web browsers, including Stonesoft StoneGate; Cisco ASA; SonicWALL E-Class SSL VPN and SonicWALL SSL VPN; SafeNet SecureWire Access Gateway; Juniper Networks Secure Access; Nortel CallPilot; Citrix Access Gateway; and other products, when running in configurations that do not restrict access to the same domain as the VPN, retrieve the content of remote URLs from one domain and rewrite them so they originate from the VPN's domain, which violates the same origin policy and allows remote attackers to conduct cross-site scripting attacks, read cookies that originated from other domains, access the Web VPN session to gain access to internal resources, perform key logging, and conduct other attacks. NOTE: it could be argued that this is a fundamental design problem in any clientless VPN solution, as opposed to a commonly-introduced error that can be fixed in separate implementations. Therefore a single CVE has been assigned for all products that have this design." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2009-2631", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091202 Same-origin policy bypass vulnerabilities in several VPN products reported", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/508164/100/0/threaded" - }, - { - "name" : "20060608 SSL VPNs and security", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2006/Jun/238" - }, - { - "name" : "20060609 Re: SSL VPNs and security", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2006/Jun/269" - }, - { - "name" : "20060609 Re: SSL VPNs and security", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2006/Jun/270" - }, - { - "name" : "http://www.sonicwall.com/us/2123_14882.html", - "refsource" : "CONFIRM", - "url" : "http://www.sonicwall.com/us/2123_14882.html" - }, - { - "name" : "http://www.sonicwall.com/us/2123_14883.html", - "refsource" : "CONFIRM", - "url" : "http://www.sonicwall.com/us/2123_14883.html" - }, - { - "name" : "http://www.stonesoft.com/en/support/security_advisories/2009_03_12.html", - "refsource" : "CONFIRM", - "url" : "http://www.stonesoft.com/en/support/security_advisories/2009_03_12.html" - }, - { - "name" : "http://kb.juniper.net/KB15799", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/KB15799" - }, - { - "name" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=984744", - "refsource" : "CONFIRM", - "url" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=984744" - }, - { - "name" : "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/50/025367-01.pdf", - "refsource" : "CONFIRM", - "url" : "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/50/025367-01.pdf" - }, - { - "name" : "VU#261869", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/261869" - }, - { - "name" : "37152", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37152" - }, - { - "name" : "1023255", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023255" - }, - { - "name" : "37696", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37696" - }, - { - "name" : "37786", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37786" - }, - { - "name" : "37788", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37788" - }, - { - "name" : "37789", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37789" - }, - { - "name" : "ADV-2009-3567", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3567" - }, - { - "name" : "ADV-2009-3568", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3568" - }, - { - "name" : "ADV-2009-3569", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3569" - }, - { - "name" : "ADV-2009-3570", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3570" - }, - { - "name" : "ADV-2009-3571", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3571" - }, - { - "name" : "sslvpn-sameorigin-security-bypass(54523)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54523" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple clientless SSL VPN products that run in web browsers, including Stonesoft StoneGate; Cisco ASA; SonicWALL E-Class SSL VPN and SonicWALL SSL VPN; SafeNet SecureWire Access Gateway; Juniper Networks Secure Access; Nortel CallPilot; Citrix Access Gateway; and other products, when running in configurations that do not restrict access to the same domain as the VPN, retrieve the content of remote URLs from one domain and rewrite them so they originate from the VPN's domain, which violates the same origin policy and allows remote attackers to conduct cross-site scripting attacks, read cookies that originated from other domains, access the Web VPN session to gain access to internal resources, perform key logging, and conduct other attacks. NOTE: it could be argued that this is a fundamental design problem in any clientless VPN solution, as opposed to a commonly-introduced error that can be fixed in separate implementations. Therefore a single CVE has been assigned for all products that have this design." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37786", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37786" + }, + { + "name": "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/50/025367-01.pdf", + "refsource": "CONFIRM", + "url": "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/50/025367-01.pdf" + }, + { + "name": "20091202 Same-origin policy bypass vulnerabilities in several VPN products reported", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/508164/100/0/threaded" + }, + { + "name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=984744", + "refsource": "CONFIRM", + "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=984744" + }, + { + "name": "VU#261869", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/261869" + }, + { + "name": "37152", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37152" + }, + { + "name": "http://www.stonesoft.com/en/support/security_advisories/2009_03_12.html", + "refsource": "CONFIRM", + "url": "http://www.stonesoft.com/en/support/security_advisories/2009_03_12.html" + }, + { + "name": "ADV-2009-3569", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3569" + }, + { + "name": "20060608 SSL VPNs and security", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2006/Jun/238" + }, + { + "name": "1023255", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023255" + }, + { + "name": "ADV-2009-3571", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3571" + }, + { + "name": "20060609 Re: SSL VPNs and security", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2006/Jun/269" + }, + { + "name": "37788", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37788" + }, + { + "name": "37696", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37696" + }, + { + "name": "http://www.sonicwall.com/us/2123_14882.html", + "refsource": "CONFIRM", + "url": "http://www.sonicwall.com/us/2123_14882.html" + }, + { + "name": "http://www.sonicwall.com/us/2123_14883.html", + "refsource": "CONFIRM", + "url": "http://www.sonicwall.com/us/2123_14883.html" + }, + { + "name": "ADV-2009-3570", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3570" + }, + { + "name": "sslvpn-sameorigin-security-bypass(54523)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54523" + }, + { + "name": "http://kb.juniper.net/KB15799", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/KB15799" + }, + { + "name": "20060609 Re: SSL VPNs and security", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2006/Jun/270" + }, + { + "name": "ADV-2009-3568", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3568" + }, + { + "name": "ADV-2009-3567", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3567" + }, + { + "name": "37789", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37789" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2635.json b/2009/2xxx/CVE-2009-2635.json index 0473b2a5752..03d540f3eaf 100644 --- a/2009/2xxx/CVE-2009-2635.json +++ b/2009/2xxx/CVE-2009-2635.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2635", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in toolbar_ext.php in the RealEstateManager (com_realestatemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2635", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8919", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/8919" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in toolbar_ext.php in the RealEstateManager (com_realestatemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8919", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/8919" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2839.json b/2009/2xxx/CVE-2009-2839.json index 05664170730..52fdb7adf1e 100644 --- a/2009/2xxx/CVE-2009-2839.json +++ b/2009/2xxx/CVE-2009-2839.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2839", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Screen Sharing in Apple Mac OS X 10.5.8 allows remote VNC servers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2839", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT3937", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3937" - }, - { - "name" : "APPLE-SA-2009-11-09-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html" - }, - { - "name" : "36956", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36956" - }, - { - "name" : "59997", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/59997" - }, - { - "name" : "ADV-2009-3184", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3184" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Screen Sharing in Apple Mac OS X 10.5.8 allows remote VNC servers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "59997", + "refsource": "OSVDB", + "url": "http://osvdb.org/59997" + }, + { + "name": "36956", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36956" + }, + { + "name": "ADV-2009-3184", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3184" + }, + { + "name": "APPLE-SA-2009-11-09-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html" + }, + { + "name": "http://support.apple.com/kb/HT3937", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3937" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2885.json b/2009/2xxx/CVE-2009-2885.json index 6b934a90a88..e68a7b63166 100644 --- a/2009/2xxx/CVE-2009-2885.json +++ b/2009/2xxx/CVE-2009-2885.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2885", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in bios.php in PHP Scripts Now World's Tallest Buildings allows remote attackers to execute arbitrary SQL commands via the rank parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2885", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0907-exploits/tallestbuildings-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0907-exploits/tallestbuildings-sql.txt" - }, - { - "name" : "56121", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/56121" - }, - { - "name" : "35935", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35935" - }, - { - "name" : "phpscripts-bios-sql-injection(51870)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51870" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in bios.php in PHP Scripts Now World's Tallest Buildings allows remote attackers to execute arbitrary SQL commands via the rank parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35935", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35935" + }, + { + "name": "phpscripts-bios-sql-injection(51870)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51870" + }, + { + "name": "56121", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/56121" + }, + { + "name": "http://packetstormsecurity.org/0907-exploits/tallestbuildings-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0907-exploits/tallestbuildings-sql.txt" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0193.json b/2015/0xxx/CVE-2015-0193.json index 02f872e6c2d..8c14c531bee 100644 --- a/2015/0xxx/CVE-2015-0193.json +++ b/2015/0xxx/CVE-2015-0193.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0193", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL that triggers an error condition." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-0193", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21697944", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21697944" - }, - { - "name" : "JR52626", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR52626" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL that triggers an error condition." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21697944", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697944" + }, + { + "name": "JR52626", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR52626" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0680.json b/2015/0xxx/CVE-2015-0680.json index 4462c35e56e..9a954c05694 100644 --- a/2015/0xxx/CVE-2015-0680.json +++ b/2015/0xxx/CVE-2015-0680.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0680", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Unified Call Manager (CM) 9.1(2.1000.28) does not properly restrict resource requests, which allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuq44439." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0680", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150327 Cisco Unified Call Manager Arbitrary File Retrieval Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=38079" - }, - { - "name" : "1031991", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031991" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Unified Call Manager (CM) 9.1(2.1000.28) does not properly restrict resource requests, which allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuq44439." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150327 Cisco Unified Call Manager Arbitrary File Retrieval Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38079" + }, + { + "name": "1031991", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031991" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3080.json b/2015/3xxx/CVE-2015-3080.json index 92021a9496b..78b3b9007b9 100644 --- a/2015/3xxx/CVE-2015-3080.json +++ b/2015/3xxx/CVE-2015-3080.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3080", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allows attackers to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-3080", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "37853", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/37853/" - }, - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-09.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-09.html" - }, - { - "name" : "GLSA-201505-02", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201505-02" - }, - { - "name" : "RHSA-2015:1005", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1005.html" - }, - { - "name" : "SUSE-SU-2015:0878", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00007.html" - }, - { - "name" : "openSUSE-SU-2015:0890", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html" - }, - { - "name" : "openSUSE-SU-2015:0914", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00016.html" - }, - { - "name" : "74608", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74608" - }, - { - "name" : "1032285", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032285" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allows attackers to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032285", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032285" + }, + { + "name": "SUSE-SU-2015:0878", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00007.html" + }, + { + "name": "openSUSE-SU-2015:0890", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html" + }, + { + "name": "37853", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/37853/" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-09.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-09.html" + }, + { + "name": "GLSA-201505-02", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201505-02" + }, + { + "name": "openSUSE-SU-2015:0914", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00016.html" + }, + { + "name": "RHSA-2015:1005", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1005.html" + }, + { + "name": "74608", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74608" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3135.json b/2015/3xxx/CVE-2015-3135.json index 7d5cc27b4bf..03c4f7ea05e 100644 --- a/2015/3xxx/CVE-2015-3135.json +++ b/2015/3xxx/CVE-2015-3135.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3135", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-4432 and CVE-2015-5118." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-3135", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-16.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-16.html" - }, - { - "name" : "GLSA-201507-13", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201507-13" - }, - { - "name" : "RHSA-2015:1214", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1214.html" - }, - { - "name" : "SUSE-SU-2015:1211", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00017.html" - }, - { - "name" : "SUSE-SU-2015:1214", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00018.html" - }, - { - "name" : "75592", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75592" - }, - { - "name" : "1032810", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032810" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-4432 and CVE-2015-5118." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "75592", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75592" + }, + { + "name": "1032810", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032810" + }, + { + "name": "SUSE-SU-2015:1211", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00017.html" + }, + { + "name": "RHSA-2015:1214", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1214.html" + }, + { + "name": "SUSE-SU-2015:1214", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00018.html" + }, + { + "name": "GLSA-201507-13", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201507-13" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-16.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-16.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3155.json b/2015/3xxx/CVE-2015-3155.json index 5940619d380..9a852f82bc1 100644 --- a/2015/3xxx/CVE-2015-3155.json +++ b/2015/3xxx/CVE-2015-3155.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3155", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Foreman before 1.8.1 does not set the secure flag for the _session_id cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-3155", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://projects.theforeman.org/issues/10275", - "refsource" : "CONFIRM", - "url" : "http://projects.theforeman.org/issues/10275" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1216035", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1216035" - }, - { - "name" : "https://github.com/theforeman/foreman/pull/2328", - "refsource" : "CONFIRM", - "url" : "https://github.com/theforeman/foreman/pull/2328" - }, - { - "name" : "https://groups.google.com/forum/#!topic/foreman-announce/QPtN0h04jdo", - "refsource" : "CONFIRM", - "url" : "https://groups.google.com/forum/#!topic/foreman-announce/QPtN0h04jdo" - }, - { - "name" : "RHSA-2015:1591", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2015:1591" - }, - { - "name" : "RHSA-2015:1592", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2015:1592" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Foreman before 1.8.1 does not set the secure flag for the _session_id cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://projects.theforeman.org/issues/10275", + "refsource": "CONFIRM", + "url": "http://projects.theforeman.org/issues/10275" + }, + { + "name": "RHSA-2015:1592", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2015:1592" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1216035", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1216035" + }, + { + "name": "https://groups.google.com/forum/#!topic/foreman-announce/QPtN0h04jdo", + "refsource": "CONFIRM", + "url": "https://groups.google.com/forum/#!topic/foreman-announce/QPtN0h04jdo" + }, + { + "name": "RHSA-2015:1591", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2015:1591" + }, + { + "name": "https://github.com/theforeman/foreman/pull/2328", + "refsource": "CONFIRM", + "url": "https://github.com/theforeman/foreman/pull/2328" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3295.json b/2015/3xxx/CVE-2015-3295.json index 0e57f9566b1..ceeef8946de 100644 --- a/2015/3xxx/CVE-2015-3295.json +++ b/2015/3xxx/CVE-2015-3295.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3295", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "markdown-it before 4.1.0 does not block data: URLs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-3295", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150410 Re: CVE request - NodeBB Persistent XSS through Markdown", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/04/10/10" - }, - { - "name" : "https://github.com/markdown-it/markdown-it/commit/f76d3beb46abd121892a2e2e5c78376354c214e3", - "refsource" : "CONFIRM", - "url" : "https://github.com/markdown-it/markdown-it/commit/f76d3beb46abd121892a2e2e5c78376354c214e3" - }, - { - "name" : "71824", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71824" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "markdown-it before 4.1.0 does not block data: URLs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20150410 Re: CVE request - NodeBB Persistent XSS through Markdown", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/04/10/10" + }, + { + "name": "71824", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71824" + }, + { + "name": "https://github.com/markdown-it/markdown-it/commit/f76d3beb46abd121892a2e2e5c78376354c214e3", + "refsource": "CONFIRM", + "url": "https://github.com/markdown-it/markdown-it/commit/f76d3beb46abd121892a2e2e5c78376354c214e3" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3390.json b/2015/3xxx/CVE-2015-3390.json index 52f2f5413a0..d55e338bf55 100644 --- a/2015/3xxx/CVE-2015-3390.json +++ b/2015/3xxx/CVE-2015-3390.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3390", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Facebook Album Fetcher module for Drupal allows remote authenticated users with the \"access administration pages\" permission to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-3390", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150205 CVE requests for Drupal contributed modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/02/05/16" - }, - { - "name" : "https://www.drupal.org/node/2420161", - "refsource" : "MISC", - "url" : "https://www.drupal.org/node/2420161" - }, - { - "name" : "72570", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72570" - }, - { - "name" : "drupal-facebookalbumfetcher-xss(100655)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100655" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Facebook Album Fetcher module for Drupal allows remote authenticated users with the \"access administration pages\" permission to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "drupal-facebookalbumfetcher-xss(100655)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100655" + }, + { + "name": "72570", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72570" + }, + { + "name": "[oss-security] 20150205 CVE requests for Drupal contributed modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/02/05/16" + }, + { + "name": "https://www.drupal.org/node/2420161", + "refsource": "MISC", + "url": "https://www.drupal.org/node/2420161" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3615.json b/2015/3xxx/CVE-2015-3615.json index b6dbf93039c..0d364919d7c 100644 --- a/2015/3xxx/CVE-2015-3615.json +++ b/2015/3xxx/CVE-2015-3615.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3615", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving unspecified parameters and a privilege escalation attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-3615", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://fortiguard.com/psirt/FG-IR-15-011", - "refsource" : "CONFIRM", - "url" : "https://fortiguard.com/psirt/FG-IR-15-011" - }, - { - "name" : "74444", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74444" - }, - { - "name" : "1032188", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032188" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving unspecified parameters and a privilege escalation attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "74444", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74444" + }, + { + "name": "https://fortiguard.com/psirt/FG-IR-15-011", + "refsource": "CONFIRM", + "url": "https://fortiguard.com/psirt/FG-IR-15-011" + }, + { + "name": "1032188", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032188" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4162.json b/2015/4xxx/CVE-2015-4162.json index 1bf26867b8a..a3fae5f360a 100644 --- a/2015/4xxx/CVE-2015-4162.json +++ b/2015/4xxx/CVE-2015-4162.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4162", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XML external entity (XXE) vulnerability in the management interface in PAN-OS before 5.0.16, 6.x before 6.0.8, and 6.1.x before 6.1.4 allows remote authenticated administrators to obtain sensitive information via crafted XML data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4162", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://securityadvisories.paloaltonetworks.com/Home/Detail/31", - "refsource" : "CONFIRM", - "url" : "http://securityadvisories.paloaltonetworks.com/Home/Detail/31" - }, - { - "name" : "74941", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74941" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XML external entity (XXE) vulnerability in the management interface in PAN-OS before 5.0.16, 6.x before 6.0.8, and 6.1.x before 6.1.4 allows remote authenticated administrators to obtain sensitive information via crafted XML data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://securityadvisories.paloaltonetworks.com/Home/Detail/31", + "refsource": "CONFIRM", + "url": "http://securityadvisories.paloaltonetworks.com/Home/Detail/31" + }, + { + "name": "74941", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74941" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4530.json b/2015/4xxx/CVE-2015-4530.json index 2abff780647..c6d52a14773 100644 --- a/2015/4xxx/CVE-2015-4530.json +++ b/2015/4xxx/CVE-2015-4530.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4530", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in EMC Documentum WebTop before 6.8P01, Documentum Administrator through 7.2, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to hijack the authentication of arbitrary users. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2518." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2015-4530", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150817 ESA-2015-130: EMC Documentum WebTop and WebTop Clients Cross-Site Request Forgery Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2015/Aug/87" - }, - { - "name" : "76405", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76405" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in EMC Documentum WebTop before 6.8P01, Documentum Administrator through 7.2, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to hijack the authentication of arbitrary users. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2518." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "76405", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76405" + }, + { + "name": "20150817 ESA-2015-130: EMC Documentum WebTop and WebTop Clients Cross-Site Request Forgery Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2015/Aug/87" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4625.json b/2015/4xxx/CVE-2015-4625.json index 7cb1be0354a..94974794757 100644 --- a/2015/4xxx/CVE-2015-4625.json +++ b/2015/4xxx/CVE-2015-4625.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4625", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4625", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150608 CVE request for polkit", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/06/08/3" - }, - { - "name" : "[oss-security] 20150609 Re: CVE request for polkit", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/06/09/1" - }, - { - "name" : "[oss-security] 20150616 Re: CVE request for polkit", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/06/16/21" - }, - { - "name" : "[polkit-devel] 20150529 Agent Authentication Question", - "refsource" : "MLIST", - "url" : "http://lists.freedesktop.org/archives/polkit-devel/2015-May/000419.html" - }, - { - "name" : "[polkit-devel] 20150603 Agent Authentication Question", - "refsource" : "MLIST", - "url" : "http://lists.freedesktop.org/archives/polkit-devel/2015-June/000427.html" - }, - { - "name" : "[polkit-devel] 20150702 polkit-0.113 released", - "refsource" : "MLIST", - "url" : "http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html" - }, - { - "name" : "FEDORA-2015-11058", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161721.html" - }, - { - "name" : "FEDORA-2015-11743", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162294.html" - }, - { - "name" : "openSUSE-SU-2015:1734", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html" - }, - { - "name" : "openSUSE-SU-2015:1927", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html" - }, - { - "name" : "75267", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75267" - }, - { - "name" : "1035023", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035023" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[polkit-devel] 20150603 Agent Authentication Question", + "refsource": "MLIST", + "url": "http://lists.freedesktop.org/archives/polkit-devel/2015-June/000427.html" + }, + { + "name": "75267", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75267" + }, + { + "name": "FEDORA-2015-11058", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161721.html" + }, + { + "name": "openSUSE-SU-2015:1927", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html" + }, + { + "name": "FEDORA-2015-11743", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162294.html" + }, + { + "name": "[polkit-devel] 20150702 polkit-0.113 released", + "refsource": "MLIST", + "url": "http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html" + }, + { + "name": "[oss-security] 20150609 Re: CVE request for polkit", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/06/09/1" + }, + { + "name": "openSUSE-SU-2015:1734", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html" + }, + { + "name": "[oss-security] 20150608 CVE request for polkit", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/06/08/3" + }, + { + "name": "[polkit-devel] 20150529 Agent Authentication Question", + "refsource": "MLIST", + "url": "http://lists.freedesktop.org/archives/polkit-devel/2015-May/000419.html" + }, + { + "name": "[oss-security] 20150616 Re: CVE request for polkit", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/06/16/21" + }, + { + "name": "1035023", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035023" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4878.json b/2015/4xxx/CVE-2015-4878.json index 008f8330d95..305895df9aa 100644 --- a/2015/4xxx/CVE-2015-4878.json +++ b/2015/4xxx/CVE-2015-4878.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4878", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-4877." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-4878", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20151026 Secunia Research: Oracle Outside In Two Buffer Overflow Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/536762/100/0/threaded" - }, - { - "name" : "38789", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/38789/" - }, - { - "name" : "http://packetstormsecurity.com/files/134089/Oracle-Outside-In-Buffer-Overflow.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/134089/Oracle-Outside-In-Buffer-Overflow.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" - }, - { - "name" : "77133", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/77133" - }, - { - "name" : "1033898", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033898" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-4877." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20151026 Secunia Research: Oracle Outside In Two Buffer Overflow Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/536762/100/0/threaded" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" + }, + { + "name": "77133", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/77133" + }, + { + "name": "1033898", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033898" + }, + { + "name": "http://packetstormsecurity.com/files/134089/Oracle-Outside-In-Buffer-Overflow.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/134089/Oracle-Outside-In-Buffer-Overflow.html" + }, + { + "name": "38789", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/38789/" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8215.json b/2015/8xxx/CVE-2015-8215.json index c780e8f2818..59da145b015 100644 --- a/2015/8xxx/CVE-2015-8215.json +++ b/2015/8xxx/CVE-2015-8215.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8215", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel before 4.0 does not validate attempted changes to the MTU value, which allows context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272. NOTE: the scope of CVE-2015-0272 is limited to the NetworkManager product." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "ID": "CVE-2015-8215", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1192132", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1192132" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=77751427a1ff25b27d47a4c36b12c3c8667855ac", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=77751427a1ff25b27d47a4c36b12c3c8667855ac" - }, - { - "name" : "https://bugs.launchpad.net/bugs/1500810", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/bugs/1500810" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=944296", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=944296" - }, - { - "name" : "https://github.com/torvalds/linux/commit/77751427a1ff25b27d47a4c36b12c3c8667855ac", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/77751427a1ff25b27d47a4c36b12c3c8667855ac" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" - }, - { - "name" : "DSA-3364", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3364" - }, - { - "name" : "RHSA-2016:0855", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0855.html" - }, - { - "name" : "SUSE-SU-2016:2074", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" - }, - { - "name" : "SUSE-SU-2016:0354", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html" - }, - { - "name" : "SUSE-SU-2015:2194", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html" - }, - { - "name" : "SUSE-SU-2015:2292", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.html" - }, - { - "name" : "SUSE-SU-2015:2339", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html" - }, - { - "name" : "SUSE-SU-2015:2350", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html" - }, - { - "name" : "85274", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/85274" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel before 4.0 does not validate attempted changes to the MTU value, which allows context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272. NOTE: the scope of CVE-2015-0272 is limited to the NetworkManager product." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2015:2292", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.html" + }, + { + "name": "RHSA-2016:0855", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0855.html" + }, + { + "name": "SUSE-SU-2015:2350", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html" + }, + { + "name": "DSA-3364", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3364" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" + }, + { + "name": "SUSE-SU-2015:2194", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html" + }, + { + "name": "SUSE-SU-2016:0354", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html" + }, + { + "name": "SUSE-SU-2015:2339", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html" + }, + { + "name": "https://bugs.launchpad.net/bugs/1500810", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/bugs/1500810" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=944296", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=944296" + }, + { + "name": "85274", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/85274" + }, + { + "name": "SUSE-SU-2016:2074", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" + }, + { + "name": "https://github.com/torvalds/linux/commit/77751427a1ff25b27d47a4c36b12c3c8667855ac", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/77751427a1ff25b27d47a4c36b12c3c8667855ac" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=77751427a1ff25b27d47a4c36b12c3c8667855ac", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=77751427a1ff25b27d47a4c36b12c3c8667855ac" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1192132", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1192132" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8395.json b/2015/8xxx/CVE-2015-8395.json index 384ea901d69..072852a23df 100644 --- a/2015/8xxx/CVE-2015-8395.json +++ b/2015/8xxx/CVE-2015-8395.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8395", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8395", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20151128 Re: Heap Overflow in PCRE", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/11/29/1" - }, - { - "name" : "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "refsource" : "CONFIRM", - "url" : "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup" - }, - { - "name" : "https://bto.bluecoat.com/security-advisory/sa128", - "refsource" : "CONFIRM", - "url" : "https://bto.bluecoat.com/security-advisory/sa128" - }, - { - "name" : "GLSA-201607-02", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201607-02" - }, - { - "name" : "RHSA-2016:1132", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1132" - }, - { - "name" : "RHSA-2016:2750", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2750.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20151128 Re: Heap Overflow in PCRE", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/11/29/1" + }, + { + "name": "RHSA-2016:1132", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1132" + }, + { + "name": "RHSA-2016:2750", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html" + }, + { + "name": "https://bto.bluecoat.com/security-advisory/sa128", + "refsource": "CONFIRM", + "url": "https://bto.bluecoat.com/security-advisory/sa128" + }, + { + "name": "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", + "refsource": "CONFIRM", + "url": "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup" + }, + { + "name": "GLSA-201607-02", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201607-02" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8893.json b/2015/8xxx/CVE-2015-8893.json index 95534654317..183d11556a5 100644 --- a/2015/8xxx/CVE-2015-8893.json +++ b/2015/8xxx/CVE-2015-8893.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8893", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to cause a denial of service (OS outage or buffer over-read) via a crafted application, aka Android internal bug 28822690 and Qualcomm internal bug CR822275." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2015-8893", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-07-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-07-01.html" - }, - { - "name" : "https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=800255e8bfcc31a02e89460460e3811f225e7a69", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=800255e8bfcc31a02e89460460e3811f225e7a69" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to cause a denial of service (OS outage or buffer over-read) via a crafted application, aka Android internal bug 28822690 and Qualcomm internal bug CR822275." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=800255e8bfcc31a02e89460460e3811f225e7a69", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=800255e8bfcc31a02e89460460e3811f225e7a69" + }, + { + "name": "http://source.android.com/security/bulletin/2016-07-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-07-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/9xxx/CVE-2015-9018.json b/2015/9xxx/CVE-2015-9018.json index 974b3932c31..d88d7d10abc 100644 --- a/2015/9xxx/CVE-2015-9018.json +++ b/2015/9xxx/CVE-2015-9018.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-9018", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-9018", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/9xxx/CVE-2015-9084.json b/2015/9xxx/CVE-2015-9084.json index f632f2615b2..af73fba5f5d 100644 --- a/2015/9xxx/CVE-2015-9084.json +++ b/2015/9xxx/CVE-2015-9084.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-9084", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-9084", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1367.json b/2016/1xxx/CVE-2016-1367.json index b775087ad9e..f5ae0c344a8 100644 --- a/2016/1xxx/CVE-2016-1367.json +++ b/2016/1xxx/CVE-2016-1367.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1367", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DHCPv6 relay implementation in Cisco Adaptive Security Appliance (ASA) Software 9.4.1 allows remote attackers to cause a denial of service (device reload) via crafted DHCPv6 packets, aka Bug ID CSCus23248." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-1367", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160420 Cisco Adaptive Security Appliance Software DHCPv6 Relay Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-asa-dhcpv6" - }, - { - "name" : "1035635", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035635" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The DHCPv6 relay implementation in Cisco Adaptive Security Appliance (ASA) Software 9.4.1 allows remote attackers to cause a denial of service (device reload) via crafted DHCPv6 packets, aka Bug ID CSCus23248." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1035635", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035635" + }, + { + "name": "20160420 Cisco Adaptive Security Appliance Software DHCPv6 Relay Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-asa-dhcpv6" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5154.json b/2016/5xxx/CVE-2016-5154.json index a143f5d40a6..6d5ae031d5a 100644 --- a/2016/5xxx/CVE-2016-5154.json +++ b/2016/5xxx/CVE-2016-5154.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5154", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple heap-based buffer overflows in PDFium, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JBig2 image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2016-5154", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://codereview.chromium.org/2202013002/", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/2202013002/" - }, - { - "name" : "https://crbug.com/633002", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/633002" - }, - { - "name" : "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html", - "refsource" : "CONFIRM", - "url" : "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html" - }, - { - "name" : "DSA-3660", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3660" - }, - { - "name" : "GLSA-201610-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201610-09" - }, - { - "name" : "RHSA-2016:1854", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1854.html" - }, - { - "name" : "openSUSE-SU-2016:2349", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-09/msg00073.html" - }, - { - "name" : "SUSE-SU-2016:2251", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00004.html" - }, - { - "name" : "openSUSE-SU-2016:2250", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html" - }, - { - "name" : "openSUSE-SU-2016:2296", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00008.html" - }, - { - "name" : "92717", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92717" - }, - { - "name" : "1036729", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036729" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple heap-based buffer overflows in PDFium, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JBig2 image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2016:2250", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html" + }, + { + "name": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html", + "refsource": "CONFIRM", + "url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html" + }, + { + "name": "SUSE-SU-2016:2251", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00004.html" + }, + { + "name": "92717", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92717" + }, + { + "name": "https://codereview.chromium.org/2202013002/", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/2202013002/" + }, + { + "name": "1036729", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036729" + }, + { + "name": "openSUSE-SU-2016:2349", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00073.html" + }, + { + "name": "https://crbug.com/633002", + "refsource": "CONFIRM", + "url": "https://crbug.com/633002" + }, + { + "name": "DSA-3660", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3660" + }, + { + "name": "GLSA-201610-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201610-09" + }, + { + "name": "openSUSE-SU-2016:2296", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00008.html" + }, + { + "name": "RHSA-2016:1854", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1854.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5643.json b/2016/5xxx/CVE-2016-5643.json index acadb9b0a76..3dd877ea884 100644 --- a/2016/5xxx/CVE-2016-5643.json +++ b/2016/5xxx/CVE-2016-5643.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5643", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-5643", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5674.json b/2016/5xxx/CVE-2016-5674.json index d6c94514093..813cee8a28a 100644 --- a/2016/5xxx/CVE-2016-5674.json +++ b/2016/5xxx/CVE-2016-5674.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2016-5674", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-5674", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40200", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40200/" - }, - { - "name" : "VU#856152", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/856152" - }, - { - "name" : "92318", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92318" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#856152", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/856152" + }, + { + "name": "92318", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92318" + }, + { + "name": "40200", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40200/" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5736.json b/2016/5xxx/CVE-2016-5736.json index 395a39cdd43..0e0f7f1d7af 100644 --- a/2016/5xxx/CVE-2016-5736.json +++ b/2016/5xxx/CVE-2016-5736.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5736", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration of the IPsec IKE peer listener in F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.1 before HF16, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF2; BIG-IP AAM, AFM, and PEM 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF2; BIG-IP DNS 12.x before 12.0.0 HF2; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.1 before HF16; BIG-IP GTM 11.2.1 before HF16, 11.4.x, 11.5.x before 11.5.4 HF2, and 11.6.x before 11.6.1; and BIG-IP PSM 11.4.0 through 11.4.1 improperly enables the anonymous IPsec IKE peer configuration object, which allows remote attackers to establish an IKE Phase 1 negotiation and possibly conduct brute-force attacks against Phase 2 negotiations via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-5736", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.f5.com/kb/en-us/solutions/public/k/10/sol10133477.html", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/kb/en-us/solutions/public/k/10/sol10133477.html" - }, - { - "name" : "1036618", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036618" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration of the IPsec IKE peer listener in F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.1 before HF16, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF2; BIG-IP AAM, AFM, and PEM 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF2; BIG-IP DNS 12.x before 12.0.0 HF2; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.1 before HF16; BIG-IP GTM 11.2.1 before HF16, 11.4.x, 11.5.x before 11.5.4 HF2, and 11.6.x before 11.6.1; and BIG-IP PSM 11.4.0 through 11.4.1 improperly enables the anonymous IPsec IKE peer configuration object, which allows remote attackers to establish an IKE Phase 1 negotiation and possibly conduct brute-force attacks against Phase 2 negotiations via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036618", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036618" + }, + { + "name": "https://support.f5.com/kb/en-us/solutions/public/k/10/sol10133477.html", + "refsource": "CONFIRM", + "url": "https://support.f5.com/kb/en-us/solutions/public/k/10/sol10133477.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2001.json b/2018/2xxx/CVE-2018-2001.json index e6ae9de88b6..c0981c61233 100644 --- a/2018/2xxx/CVE-2018-2001.json +++ b/2018/2xxx/CVE-2018-2001.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2001", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-2001", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2067.json b/2018/2xxx/CVE-2018-2067.json index b037bacca46..2c301166f5a 100644 --- a/2018/2xxx/CVE-2018-2067.json +++ b/2018/2xxx/CVE-2018-2067.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2067", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2067", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2147.json b/2018/2xxx/CVE-2018-2147.json index 2be9f97469f..df6e60a9398 100644 --- a/2018/2xxx/CVE-2018-2147.json +++ b/2018/2xxx/CVE-2018-2147.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2147", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2147", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2394.json b/2018/2xxx/CVE-2018-2394.json index 6aa8d5fec1d..d3941406c41 100644 --- a/2018/2xxx/CVE-2018-2394.json +++ b/2018/2xxx/CVE-2018-2394.json @@ -1,84 +1,84 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cna@sap.com", - "ID" : "CVE-2018-2394", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SAP Internet Graphics Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "7.20" - }, - { - "version_affected" : "=", - "version_value" : "7.20EXT" - }, - { - "version_affected" : "=", - "version_value" : "7.45" - }, - { - "version_affected" : "=", - "version_value" : "7.49" - }, - { - "version_affected" : "=", - "version_value" : "7.53" - } - ] - } - } - ] - }, - "vendor_name" : "SAP SE" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Under certain conditions an unauthenticated malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, services and/or system files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial-of-Service" - } + "CVE_data_meta": { + "ASSIGNER": "cna@sap.com", + "ID": "CVE-2018-2394", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SAP Internet Graphics Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "7.20" + }, + { + "version_affected": "=", + "version_value": "7.20EXT" + }, + { + "version_affected": "=", + "version_value": "7.45" + }, + { + "version_affected": "=", + "version_value": "7.49" + }, + { + "version_affected": "=", + "version_value": "7.53" + } + ] + } + } + ] + }, + "vendor_name": "SAP SE" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/", - "refsource" : "CONFIRM", - "url" : "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/" - }, - { - "name" : "https://launchpad.support.sap.com/#/notes/2525222", - "refsource" : "CONFIRM", - "url" : "https://launchpad.support.sap.com/#/notes/2525222" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Under certain conditions an unauthenticated malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, services and/or system files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial-of-Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://launchpad.support.sap.com/#/notes/2525222", + "refsource": "CONFIRM", + "url": "https://launchpad.support.sap.com/#/notes/2525222" + }, + { + "name": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/", + "refsource": "CONFIRM", + "url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6197.json b/2018/6xxx/CVE-2018-6197.json index 0d4341ae93b..afa395433f6 100644 --- a/2018/6xxx/CVE-2018-6197.json +++ b/2018/6xxx/CVE-2018-6197.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6197", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "w3m through 0.5.3 is prone to a NULL pointer dereference flaw in formUpdateBuffer in form.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6197", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/tats/w3m/commit/7fdc83b0364005a0b5ed869230dd81752ba022e8", - "refsource" : "CONFIRM", - "url" : "https://github.com/tats/w3m/commit/7fdc83b0364005a0b5ed869230dd81752ba022e8" - }, - { - "name" : "https://github.com/tats/w3m/issues/89", - "refsource" : "CONFIRM", - "url" : "https://github.com/tats/w3m/issues/89" - }, - { - "name" : "USN-3555-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3555-2/" - }, - { - "name" : "USN-3555-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3555-1/" - }, - { - "name" : "102846", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102846" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "w3m through 0.5.3 is prone to a NULL pointer dereference flaw in formUpdateBuffer in form.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102846", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102846" + }, + { + "name": "USN-3555-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3555-2/" + }, + { + "name": "https://github.com/tats/w3m/issues/89", + "refsource": "CONFIRM", + "url": "https://github.com/tats/w3m/issues/89" + }, + { + "name": "USN-3555-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3555-1/" + }, + { + "name": "https://github.com/tats/w3m/commit/7fdc83b0364005a0b5ed869230dd81752ba022e8", + "refsource": "CONFIRM", + "url": "https://github.com/tats/w3m/commit/7fdc83b0364005a0b5ed869230dd81752ba022e8" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6257.json b/2018/6xxx/CVE-2018-6257.json index 68945fade12..e5f1ddf8849 100644 --- a/2018/6xxx/CVE-2018-6257.json +++ b/2018/6xxx/CVE-2018-6257.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@nvidia.com", - "DATE_PUBLIC" : "2018-08-30T00:00:00", - "ID" : "CVE-2018-6257", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "NVIDIA GeForce Experience", - "version" : { - "version_data" : [ - { - "version_value" : "All versions prior to 3.14.1" - } - ] - } - } - ] - }, - "vendor_name" : "Nvidia Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled where improper access control may lead to a denial of service, escalation of privileges, or both." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@nvidia.com", + "DATE_PUBLIC": "2018-08-30T00:00:00", + "ID": "CVE-2018-6257", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NVIDIA GeForce Experience", + "version": { + "version_data": [ + { + "version_value": "All versions prior to 3.14.1" + } + ] + } + } + ] + }, + "vendor_name": "Nvidia Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/4685", - "refsource" : "CONFIRM", - "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/4685" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled where improper access control may lead to a denial of service, escalation of privileges, or both." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4685", + "refsource": "CONFIRM", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4685" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6260.json b/2018/6xxx/CVE-2018-6260.json index c30baf6b676..4b15c6aaf1e 100644 --- a/2018/6xxx/CVE-2018-6260.json +++ b/2018/6xxx/CVE-2018-6260.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@nvidia.com", - "ID" : "CVE-2018-6260", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "GPU Graphics Driver", - "version" : { - "version_data" : [ - { - "version_value" : "N/A" - } - ] - } - } - ] - }, - "vendor_name" : "Nvidia Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NVIDIA graphics driver contains a vulnerability that may allow access to application data processed on the GPU through a side channel exposed by the GPU performance counters. Local user access is required. This is not a network or remote attack vector." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@nvidia.com", + "ID": "CVE-2018-6260", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GPU Graphics Driver", + "version": { + "version_data": [ + { + "version_value": "N/A" + } + ] + } + } + ] + }, + "vendor_name": "Nvidia Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/4738", - "refsource" : "CONFIRM", - "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/4738" - }, - { - "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/4772", - "refsource" : "CONFIRM", - "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/4772" - }, - { - "name" : "USN-3904-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3904-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NVIDIA graphics driver contains a vulnerability that may allow access to application data processed on the GPU through a side channel exposed by the GPU performance counters. Local user access is required. This is not a network or remote attack vector." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4772", + "refsource": "CONFIRM", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4772" + }, + { + "name": "USN-3904-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3904-1/" + }, + { + "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4738", + "refsource": "CONFIRM", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4738" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6464.json b/2018/6xxx/CVE-2018-6464.json index c2b5a7d3a86..102ec14d82c 100644 --- a/2018/6xxx/CVE-2018-6464.json +++ b/2018/6xxx/CVE-2018-6464.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6464", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Simditor v2.3.11 allows XSS via crafted use of svg/onload=alert in a TEXTAREA element, as demonstrated by Firefox 54.0.1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6464", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Heartway/simditor/blob/master/simditor.docx", - "refsource" : "MISC", - "url" : "https://github.com/Heartway/simditor/blob/master/simditor.docx" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Simditor v2.3.11 allows XSS via crafted use of svg/onload=alert in a TEXTAREA element, as demonstrated by Firefox 54.0.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Heartway/simditor/blob/master/simditor.docx", + "refsource": "MISC", + "url": "https://github.com/Heartway/simditor/blob/master/simditor.docx" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6899.json b/2018/6xxx/CVE-2018-6899.json index b9f6bb2c06d..038bc047cf8 100644 --- a/2018/6xxx/CVE-2018-6899.json +++ b/2018/6xxx/CVE-2018-6899.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6899", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6899", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0099.json b/2019/0xxx/CVE-2019-0099.json index 792af9bbd86..bd69b6a934c 100644 --- a/2019/0xxx/CVE-2019-0099.json +++ b/2019/0xxx/CVE-2019-0099.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0099", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0099", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0317.json b/2019/0xxx/CVE-2019-0317.json index 3ca0e6ee22b..a034ec0bdca 100644 --- a/2019/0xxx/CVE-2019-0317.json +++ b/2019/0xxx/CVE-2019-0317.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0317", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0317", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0683.json b/2019/0xxx/CVE-2019-0683.json index e9d81c62b4f..30a7177bf42 100644 --- a/2019/0xxx/CVE-2019-0683.json +++ b/2019/0xxx/CVE-2019-0683.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0683", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0683", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1322.json b/2019/1xxx/CVE-2019-1322.json index 705445d6409..5d0a5bd91f6 100644 --- a/2019/1xxx/CVE-2019-1322.json +++ b/2019/1xxx/CVE-2019-1322.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1322", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1322", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1690.json b/2019/1xxx/CVE-2019-1690.json index f3955f1c83e..94bc1f0c6f3 100644 --- a/2019/1xxx/CVE-2019-1690.json +++ b/2019/1xxx/CVE-2019-1690.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2019-03-06T16:00:00-0800", - "ID" : "CVE-2019-1690", - "STATE" : "PUBLIC", - "TITLE" : "Cisco Application Policy Infrastructure Controller IPv6 Link-Local Address Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Application Policy Infrastructure Controller (APIC) ", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "4.2(0.21c)" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the management interface of Cisco Application Policy Infrastructure Controller (APIC) software could allow an unauthenticated, adjacent attacker to gain unauthorized access on an affected device. The vulnerability is due to a lack of proper access control mechanisms for IPv6 link-local connectivity imposed on the management interface of an affected device. An attacker on the same physical network could exploit this vulnerability by attempting to connect to the IPv6 link-local address on the affected device. A successful exploit could allow the attacker to bypass default access control restrictions on an affected device. Cisco Application Policy Infrastructure Controller (APIC) devices running versions prior to 4.2(0.21c) are affected." - } - ] - }, - "exploit" : [ - { - "lang" : "eng", - "value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " - } - ], - "impact" : { - "cvss" : { - "baseScore" : "4.3", - "vectorString" : "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N ", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-284" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2019-03-06T16:00:00-0800", + "ID": "CVE-2019-1690", + "STATE": "PUBLIC", + "TITLE": "Cisco Application Policy Infrastructure Controller IPv6 Link-Local Address Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Application Policy Infrastructure Controller (APIC) ", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "4.2(0.21c)" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20190306 Cisco Application Policy Infrastructure Controller IPv6 Link-Local Address Vulnerability", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-apic-ipv6" - }, - { - "name" : "107317", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/107317" - } - ] - }, - "source" : { - "advisory" : "cisco-sa-20190306-apic-ipv6", - "defect" : [ - [ - "CSCvn09855" - ] - ], - "discovery" : "INTERNAL" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the management interface of Cisco Application Policy Infrastructure Controller (APIC) software could allow an unauthenticated, adjacent attacker to gain unauthorized access on an affected device. The vulnerability is due to a lack of proper access control mechanisms for IPv6 link-local connectivity imposed on the management interface of an affected device. An attacker on the same physical network could exploit this vulnerability by attempting to connect to the IPv6 link-local address on the affected device. A successful exploit could allow the attacker to bypass default access control restrictions on an affected device. Cisco Application Policy Infrastructure Controller (APIC) devices running versions prior to 4.2(0.21c) are affected." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "4.3", + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "107317", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/107317" + }, + { + "name": "20190306 Cisco Application Policy Infrastructure Controller IPv6 Link-Local Address Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-apic-ipv6" + } + ] + }, + "source": { + "advisory": "cisco-sa-20190306-apic-ipv6", + "defect": [ + [ + "CSCvn09855" + ] + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1724.json b/2019/1xxx/CVE-2019-1724.json index 2727eedefbb..e0b6e9c382e 100644 --- a/2019/1xxx/CVE-2019-1724.json +++ b/2019/1xxx/CVE-2019-1724.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1724", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1724", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1767.json b/2019/1xxx/CVE-2019-1767.json index 167822bc040..80b69926e96 100644 --- a/2019/1xxx/CVE-2019-1767.json +++ b/2019/1xxx/CVE-2019-1767.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1767", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1767", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1955.json b/2019/1xxx/CVE-2019-1955.json index cabf493cc10..b9e8e3faa07 100644 --- a/2019/1xxx/CVE-2019-1955.json +++ b/2019/1xxx/CVE-2019-1955.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1955", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1955", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5226.json b/2019/5xxx/CVE-2019-5226.json index e04dea3dd87..6f3f89a6777 100644 --- a/2019/5xxx/CVE-2019-5226.json +++ b/2019/5xxx/CVE-2019-5226.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5226", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5226", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5543.json b/2019/5xxx/CVE-2019-5543.json index f2eb4b55125..fdc6e626597 100644 --- a/2019/5xxx/CVE-2019-5543.json +++ b/2019/5xxx/CVE-2019-5543.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5543", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5543", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5672.json b/2019/5xxx/CVE-2019-5672.json index 63b49048dc4..e8e18455be8 100644 --- a/2019/5xxx/CVE-2019-5672.json +++ b/2019/5xxx/CVE-2019-5672.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5672", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5672", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5697.json b/2019/5xxx/CVE-2019-5697.json index 8f2621c7d86..5a11043a3d2 100644 --- a/2019/5xxx/CVE-2019-5697.json +++ b/2019/5xxx/CVE-2019-5697.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5697", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5697", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file