diff --git a/1999/0xxx/CVE-1999-0298.json b/1999/0xxx/CVE-1999-0298.json index bf7a00af58b..69240c95701 100644 --- a/1999/0xxx/CVE-1999-0298.json +++ b/1999/0xxx/CVE-1999-0298.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0298", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ypbind with -ypset and -ypsetme options activated in Linux Slackware and SunOS allows local and remote attackers to overwrite files via a .. (dot dot) attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0298", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19970205 Vulnerabilities in Ypbind when run with -ypset/-ypsetme", - "refsource" : "NAI", - "url" : "http://www.nai.com/nai_labs/asp_set/advisory/06_ypbindsetme_adv.asp" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ypbind with -ypset and -ypsetme options activated in Linux Slackware and SunOS allows local and remote attackers to overwrite files via a .. (dot dot) attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19970205 Vulnerabilities in Ypbind when run with -ypset/-ypsetme", + "refsource": "NAI", + "url": "http://www.nai.com/nai_labs/asp_set/advisory/06_ypbindsetme_adv.asp" + } + ] + } +} \ No newline at end of file diff --git a/1999/0xxx/CVE-1999-0300.json b/1999/0xxx/CVE-1999-0300.json index d3518edef3e..058b7620c7e 100644 --- a/1999/0xxx/CVE-1999-0300.json +++ b/1999/0xxx/CVE-1999-0300.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0300", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "nis_cachemgr for Solaris NIS+ allows attackers to add malicious NIS+ servers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0300", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "00155", - "refsource" : "SUN", - "url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/155" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "nis_cachemgr for Solaris NIS+ allows attackers to add malicious NIS+ servers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "00155", + "refsource": "SUN", + "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/155" + } + ] + } +} \ No newline at end of file diff --git a/2000/1xxx/CVE-2000-1229.json b/2000/1xxx/CVE-2000-1229.json index 5e07418c290..f14209f2d61 100644 --- a/2000/1xxx/CVE-2000-1229.json +++ b/2000/1xxx/CVE-2000-1229.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-1229", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Phorum 3.0.7 allows remote Phorum administrators to read arbitrary files via \"..\" (dot dot) sequences in the default .langfile name field in the Master Settings administrative function, which causes the file to be displayed in admin.php3." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-1229", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000106 Phorum 3.0.7 exploits and IDS signatures", - "refsource" : "BUGTRAQ", - "url" : "http://cert.uni-stuttgart.de/archive/bugtraq/2000/01/msg00215.html" - }, - { - "name" : "http://hispahack.ccc.de/mi020.html", - "refsource" : "MISC", - "url" : "http://hispahack.ccc.de/mi020.html" - }, - { - "name" : "http://www.digitalsec.net/stuff/z-mirrors/hispahack/mi020.htm", - "refsource" : "MISC", - "url" : "http://www.digitalsec.net/stuff/z-mirrors/hispahack/mi020.htm" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Phorum 3.0.7 allows remote Phorum administrators to read arbitrary files via \"..\" (dot dot) sequences in the default .langfile name field in the Master Settings administrative function, which causes the file to be displayed in admin.php3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.digitalsec.net/stuff/z-mirrors/hispahack/mi020.htm", + "refsource": "MISC", + "url": "http://www.digitalsec.net/stuff/z-mirrors/hispahack/mi020.htm" + }, + { + "name": "20000106 Phorum 3.0.7 exploits and IDS signatures", + "refsource": "BUGTRAQ", + "url": "http://cert.uni-stuttgart.de/archive/bugtraq/2000/01/msg00215.html" + }, + { + "name": "http://hispahack.ccc.de/mi020.html", + "refsource": "MISC", + "url": "http://hispahack.ccc.de/mi020.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2233.json b/2005/2xxx/CVE-2005-2233.json index 84125d5f6ab..fc029e15d4b 100644 --- a/2005/2xxx/CVE-2005-2233.json +++ b/2005/2xxx/CVE-2005-2233.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2233", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in multiple \"p\" commands in IBM AIX 5.1, 5.2 and 5.3 might allow local users to execute arbitrary code via long command line arguments to (1) penable or other hard-linked files including (2) pdisable, (3) pstart, (4) phold, (5) pdelay, or (6) pshare." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2233", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.caughq.org/advisories/CAU-2005-0006.txt", - "refsource" : "MISC", - "url" : "http://www.caughq.org/advisories/CAU-2005-0006.txt" - }, - { - "name" : "http://www.security-focus.com/advisories/8684", - "refsource" : "CONFIRM", - "url" : "http://www.security-focus.com/advisories/8684" - }, - { - "name" : "13915", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13915" - }, - { - "name" : "1014132", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014132" - }, - { - "name" : "15636", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15636" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in multiple \"p\" commands in IBM AIX 5.1, 5.2 and 5.3 might allow local users to execute arbitrary code via long command line arguments to (1) penable or other hard-linked files including (2) pdisable, (3) pstart, (4) phold, (5) pdelay, or (6) pshare." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15636", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15636" + }, + { + "name": "13915", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13915" + }, + { + "name": "http://www.security-focus.com/advisories/8684", + "refsource": "CONFIRM", + "url": "http://www.security-focus.com/advisories/8684" + }, + { + "name": "http://www.caughq.org/advisories/CAU-2005-0006.txt", + "refsource": "MISC", + "url": "http://www.caughq.org/advisories/CAU-2005-0006.txt" + }, + { + "name": "1014132", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014132" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2368.json b/2005/2xxx/CVE-2005-2368.json index b61a8dbcf3d..dc06b8c233b 100644 --- a/2005/2xxx/CVE-2005-2368.json +++ b/2005/2xxx/CVE-2005-2368.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2368", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "vim 6.3 before 6.3.082, with modelines enabled, allows external user-assisted attackers to execute arbitrary commands via shell metacharacters in the (1) glob or (2) expand commands of a foldexpr expression for calculating fold levels." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2368", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050725 Help poor children in Uganda", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-July/035402.html" - }, - { - "name" : "http://www.guninski.com/where_do_you_want_billg_to_go_today_5.html", - "refsource" : "MISC", - "url" : "http://www.guninski.com/where_do_you_want_billg_to_go_today_5.html" - }, - { - "name" : "RHSA-2005:745", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-745.html" - }, - { - "name" : "14374", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14374" - }, - { - "name" : "oval:org.mitre.oval:def:11302", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11302" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "vim 6.3 before 6.3.082, with modelines enabled, allows external user-assisted attackers to execute arbitrary commands via shell metacharacters in the (1) glob or (2) expand commands of a foldexpr expression for calculating fold levels." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14374", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14374" + }, + { + "name": "RHSA-2005:745", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-745.html" + }, + { + "name": "20050725 Help poor children in Uganda", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-July/035402.html" + }, + { + "name": "http://www.guninski.com/where_do_you_want_billg_to_go_today_5.html", + "refsource": "MISC", + "url": "http://www.guninski.com/where_do_you_want_billg_to_go_today_5.html" + }, + { + "name": "oval:org.mitre.oval:def:11302", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11302" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3104.json b/2005/3xxx/CVE-2005-3104.json index 2d92c9f6e1a..7b9ce9687e5 100644 --- a/2005/3xxx/CVE-2005-3104.json +++ b/2005/3xxx/CVE-2005-3104.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3104", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mt-comments.cgi in Movable Type before 3.2 allows attackers to redirect users to other web sites via URLs in comments." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3104", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051103 Buggy blogging", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0091.html" - }, - { - "name" : "16899", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16899" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mt-comments.cgi in Movable Type before 3.2 allows attackers to redirect users to other web sites via URLs in comments." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20051103 Buggy blogging", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0091.html" + }, + { + "name": "16899", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16899" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3704.json b/2005/3xxx/CVE-2005-3704.json index 0d087653e9d..c36442b0886 100644 --- a/2005/3xxx/CVE-2005-3704.json +++ b/2005/3xxx/CVE-2005-3704.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3704", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "System log server in Mac OS X and OS X Server 10.4 through 10.4.3 allows remote attackers to spoof syslog messages in log files by injecting various control characters such as newline (NL)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3704", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2005-11-29", - "refsource" : "APPLE", - "url" : "http://docs.info.apple.com/article.html?artnum=302847" - }, - { - "name" : "15647", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15647" - }, - { - "name" : "ADV-2005-2659", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2659" - }, - { - "name" : "21277", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21277" - }, - { - "name" : "1015293", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015293" - }, - { - "name" : "17813", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17813" - }, - { - "name" : "macos-syslog-forgery(23344)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23344" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "System log server in Mac OS X and OS X Server 10.4 through 10.4.3 allows remote attackers to spoof syslog messages in log files by injecting various control characters such as newline (NL)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "macos-syslog-forgery(23344)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23344" + }, + { + "name": "17813", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17813" + }, + { + "name": "ADV-2005-2659", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2659" + }, + { + "name": "1015293", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015293" + }, + { + "name": "APPLE-SA-2005-11-29", + "refsource": "APPLE", + "url": "http://docs.info.apple.com/article.html?artnum=302847" + }, + { + "name": "21277", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21277" + }, + { + "name": "15647", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15647" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3949.json b/2005/3xxx/CVE-2005-3949.json index 35d608154bb..85846e85309 100644 --- a/2005/3xxx/CVE-2005-3949.json +++ b/2005/3xxx/CVE-2005-3949.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3949", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in WebCalendar 1.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) startid parameter to activity_log.php, (2) startid parameter to admin_handler.php, (3) template parameter to edit_template.php, and (4) multiple parameters to export_handler.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3949", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051128 WebCalendar Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/417900/100/0/threaded" - }, - { - "name" : "http://www.ush.it/2005/11/28/webcalendar-multiple-vulnerabilities", - "refsource" : "MISC", - "url" : "http://www.ush.it/2005/11/28/webcalendar-multiple-vulnerabilities" - }, - { - "name" : "http://sourceforge.net/forum/forum.php?thread_id=1392833&forum_id=11587", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/forum/forum.php?thread_id=1392833&forum_id=11587" - }, - { - "name" : "20051201 WebCalendar Multiple Vulnerabilities.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/418286/100/0/threaded" - }, - { - "name" : "DSA-1002", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1002" - }, - { - "name" : "15606", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15606" - }, - { - "name" : "15662", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15662" - }, - { - "name" : "15608", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15608" - }, - { - "name" : "ADV-2005-2643", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2643" - }, - { - "name" : "21216", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21216" - }, - { - "name" : "21217", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21217" - }, - { - "name" : "21218", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21218" - }, - { - "name" : "21219", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21219" - }, - { - "name" : "17784", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17784" - }, - { - "name" : "19240", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19240" - }, - { - "name" : "215", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/215" - }, - { - "name" : "webcalendar-multiple-scripts-sql-injection(23369)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23369" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in WebCalendar 1.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) startid parameter to activity_log.php, (2) startid parameter to admin_handler.php, (3) template parameter to edit_template.php, and (4) multiple parameters to export_handler.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17784", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17784" + }, + { + "name": "20051201 WebCalendar Multiple Vulnerabilities.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/418286/100/0/threaded" + }, + { + "name": "20051128 WebCalendar Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/417900/100/0/threaded" + }, + { + "name": "21219", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21219" + }, + { + "name": "19240", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19240" + }, + { + "name": "webcalendar-multiple-scripts-sql-injection(23369)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23369" + }, + { + "name": "21218", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21218" + }, + { + "name": "21217", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21217" + }, + { + "name": "ADV-2005-2643", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2643" + }, + { + "name": "215", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/215" + }, + { + "name": "21216", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21216" + }, + { + "name": "http://www.ush.it/2005/11/28/webcalendar-multiple-vulnerabilities", + "refsource": "MISC", + "url": "http://www.ush.it/2005/11/28/webcalendar-multiple-vulnerabilities" + }, + { + "name": "http://sourceforge.net/forum/forum.php?thread_id=1392833&forum_id=11587", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/forum/forum.php?thread_id=1392833&forum_id=11587" + }, + { + "name": "15608", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15608" + }, + { + "name": "15662", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15662" + }, + { + "name": "DSA-1002", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1002" + }, + { + "name": "15606", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15606" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5430.json b/2007/5xxx/CVE-2007-5430.json index b7024793a5d..964064581fc 100644 --- a/2007/5xxx/CVE-2007-5430.json +++ b/2007/5xxx/CVE-2007-5430.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5430", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Stride 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the p parameter to main.php in the Content Management System, (2) the id parameter in a sto cmd action to shop.php in the Merchant subsystem, or the (3) course or (4) provider parameter to detail.php in the Courses subsystem." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5430", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071010 Vulnerabilities digest", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/482006/100/0/threaded" - }, - { - "name" : "http://securityvulns.ru/Sdocument4.html", - "refsource" : "MISC", - "url" : "http://securityvulns.ru/Sdocument4.html" - }, - { - "name" : "26036", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26036" - }, - { - "name" : "26041", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26041" - }, - { - "name" : "26046", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26046" - }, - { - "name" : "43491", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/43491" - }, - { - "name" : "43492", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/43492" - }, - { - "name" : "43494", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/43494" - }, - { - "name" : "3216", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3216" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Stride 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the p parameter to main.php in the Content Management System, (2) the id parameter in a sto cmd action to shop.php in the Merchant subsystem, or the (3) course or (4) provider parameter to detail.php in the Courses subsystem." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26036", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26036" + }, + { + "name": "20071010 Vulnerabilities digest", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/482006/100/0/threaded" + }, + { + "name": "26046", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26046" + }, + { + "name": "3216", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3216" + }, + { + "name": "26041", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26041" + }, + { + "name": "43494", + "refsource": "OSVDB", + "url": "http://osvdb.org/43494" + }, + { + "name": "http://securityvulns.ru/Sdocument4.html", + "refsource": "MISC", + "url": "http://securityvulns.ru/Sdocument4.html" + }, + { + "name": "43491", + "refsource": "OSVDB", + "url": "http://osvdb.org/43491" + }, + { + "name": "43492", + "refsource": "OSVDB", + "url": "http://osvdb.org/43492" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5577.json b/2007/5xxx/CVE-2007-5577.json index 77ae4a41df2..afc076b69ee 100644 --- a/2007/5xxx/CVE-2007-5577.json +++ b/2007/5xxx/CVE-2007-5577.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5577", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.13 (aka Sunglow) allow remote attackers to inject arbitrary web script or HTML via the (1) Title or (2) Section Name form fields in the Section Manager component, or (3) multiple unspecified fields in New Menu Item." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5577", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.joomla.org/content/view/3677/1/", - "refsource" : "MISC", - "url" : "http://www.joomla.org/content/view/3677/1/" - }, - { - "name" : "http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_item_id=5654", - "refsource" : "CONFIRM", - "url" : "http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_item_id=5654" - }, - { - "name" : "http://www.joomla.org/content/view/3670/78/", - "refsource" : "CONFIRM", - "url" : "http://www.joomla.org/content/view/3670/78/" - }, - { - "name" : "24663", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24663" - }, - { - "name" : "37173", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37173" - }, - { - "name" : "25804", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25804" - }, - { - "name" : "joomla-section-manager-xss(35119)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35119" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.13 (aka Sunglow) allow remote attackers to inject arbitrary web script or HTML via the (1) Title or (2) Section Name form fields in the Section Manager component, or (3) multiple unspecified fields in New Menu Item." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.joomla.org/content/view/3677/1/", + "refsource": "MISC", + "url": "http://www.joomla.org/content/view/3677/1/" + }, + { + "name": "http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_item_id=5654", + "refsource": "CONFIRM", + "url": "http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_item_id=5654" + }, + { + "name": "37173", + "refsource": "OSVDB", + "url": "http://osvdb.org/37173" + }, + { + "name": "http://www.joomla.org/content/view/3670/78/", + "refsource": "CONFIRM", + "url": "http://www.joomla.org/content/view/3670/78/" + }, + { + "name": "25804", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25804" + }, + { + "name": "24663", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24663" + }, + { + "name": "joomla-section-manager-xss(35119)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35119" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2357.json b/2009/2xxx/CVE-2009-2357.json index a2cbf0846ef..51d603f2223 100644 --- a/2009/2xxx/CVE-2009-2357.json +++ b/2009/2xxx/CVE-2009-2357.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2357", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration of TekRADIUS 3.0 uses the sa account to communicate with Microsoft SQL Server, which makes it easier for remote attackers to obtain privileged access to the database and the underlying Windows operating system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2357", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090706 Medium security hole in TekRADIUS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/504740/100/0/threaded" - }, - { - "name" : "http://www.nth-dimension.org.uk/utils/get.php?downloadsid=56", - "refsource" : "MISC", - "url" : "http://www.nth-dimension.org.uk/utils/get.php?downloadsid=56" - }, - { - "name" : "ADV-2009-1816", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1816" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration of TekRADIUS 3.0 uses the sa account to communicate with Microsoft SQL Server, which makes it easier for remote attackers to obtain privileged access to the database and the underlying Windows operating system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-1816", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1816" + }, + { + "name": "20090706 Medium security hole in TekRADIUS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/504740/100/0/threaded" + }, + { + "name": "http://www.nth-dimension.org.uk/utils/get.php?downloadsid=56", + "refsource": "MISC", + "url": "http://www.nth-dimension.org.uk/utils/get.php?downloadsid=56" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2437.json b/2009/2xxx/CVE-2009-2437.json index b0242cd4b0b..92f23a27a44 100644 --- a/2009/2xxx/CVE-2009-2437.json +++ b/2009/2xxx/CVE-2009-2437.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2437", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in index.php in Rentventory 1.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) username (aka Login) and (2) password parameters in a login action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2437", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0907-exploits/rentventory-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0907-exploits/rentventory-xss.txt" - }, - { - "name" : "35749", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35749" - }, - { - "name" : "ADV-2009-1835", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1835" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in Rentventory 1.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) username (aka Login) and (2) password parameters in a login action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-1835", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1835" + }, + { + "name": "35749", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35749" + }, + { + "name": "http://packetstormsecurity.org/0907-exploits/rentventory-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0907-exploits/rentventory-xss.txt" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2726.json b/2009/2xxx/CVE-2009-2726.json index 49e8d503d86..5f885fe27cf 100644 --- a/2009/2xxx/CVE-2009-2726.json +++ b/2009/2xxx/CVE-2009-2726.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2726", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x before 1.3.0.3 does not use a maximum width when invoking sscanf style functions, which allows remote attackers to cause a denial of service (stack memory consumption) via SIP packets containing large sequences of ASCII decimal characters, as demonstrated via vectors related to (1) the CSeq value in a SIP header, (2) large Content-Length value, and (3) SDP." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2726", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090811 AST-2009-005: Remote Crash Vulnerability in SIP channel driver", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/505669/100/0/threaded" - }, - { - "name" : "http://labs.mudynamics.com/advisories/MU-200908-01.txt", - "refsource" : "MISC", - "url" : "http://labs.mudynamics.com/advisories/MU-200908-01.txt" - }, - { - "name" : "http://downloads.digium.com/pub/security/AST-2009-005.html", - "refsource" : "CONFIRM", - "url" : "http://downloads.digium.com/pub/security/AST-2009-005.html" - }, - { - "name" : "36015", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36015" - }, - { - "name" : "1022705", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022705" - }, - { - "name" : "36227", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36227" - }, - { - "name" : "ADV-2009-2229", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2229" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x before 1.3.0.3 does not use a maximum width when invoking sscanf style functions, which allows remote attackers to cause a denial of service (stack memory consumption) via SIP packets containing large sequences of ASCII decimal characters, as demonstrated via vectors related to (1) the CSeq value in a SIP header, (2) large Content-Length value, and (3) SDP." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://labs.mudynamics.com/advisories/MU-200908-01.txt", + "refsource": "MISC", + "url": "http://labs.mudynamics.com/advisories/MU-200908-01.txt" + }, + { + "name": "ADV-2009-2229", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2229" + }, + { + "name": "http://downloads.digium.com/pub/security/AST-2009-005.html", + "refsource": "CONFIRM", + "url": "http://downloads.digium.com/pub/security/AST-2009-005.html" + }, + { + "name": "36015", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36015" + }, + { + "name": "20090811 AST-2009-005: Remote Crash Vulnerability in SIP channel driver", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/505669/100/0/threaded" + }, + { + "name": "1022705", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022705" + }, + { + "name": "36227", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36227" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3509.json b/2009/3xxx/CVE-2009-3509.json index 9d9a958f841..917ae86f0e0 100644 --- a/2009/3xxx/CVE-2009-3509.json +++ b/2009/3xxx/CVE-2009-3509.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3509", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in admin/admin_index.php in CJ Dynamic Poll PRO 2.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3509", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0907-exploits/cjdynamicpoll-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0907-exploits/cjdynamicpoll-xss.txt" - }, - { - "name" : "56181", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/56181" - }, - { - "name" : "35799", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35799" - }, - { - "name" : "ADV-2009-1983", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1983" - }, - { - "name" : "cjdynamic-adminindex-xss(51925)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51925" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in admin/admin_index.php in CJ Dynamic Poll PRO 2.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/0907-exploits/cjdynamicpoll-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0907-exploits/cjdynamicpoll-xss.txt" + }, + { + "name": "35799", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35799" + }, + { + "name": "56181", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/56181" + }, + { + "name": "ADV-2009-1983", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1983" + }, + { + "name": "cjdynamic-adminindex-xss(51925)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51925" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3796.json b/2009/3xxx/CVE-2009-3796.json index 926e29375e3..b8d994de611 100644 --- a/2009/3xxx/CVE-2009-3796.json +++ b/2009/3xxx/CVE-2009-3796.json @@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3796", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a \"data injection vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2009-3796", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb09-19.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb09-19.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=543857", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=543857" - }, - { - "name" : "http://support.apple.com/kb/HT4004", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4004" - }, - { - "name" : "APPLE-SA-2010-01-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html" - }, - { - "name" : "RHSA-2009:1657", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1657.html" - }, - { - "name" : "RHSA-2009:1658", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1658.html" - }, - { - "name" : "1021716", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1" - }, - { - "name" : "SUSE-SA:2009:062", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html" - }, - { - "name" : "TA09-343A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-343A.html" - }, - { - "name" : "37199", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37199" - }, - { - "name" : "60886", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/60886" - }, - { - "name" : "oval:org.mitre.oval:def:7460", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7460" - }, - { - "name" : "oval:org.mitre.oval:def:7763", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7763" - }, - { - "name" : "oval:org.mitre.oval:def:16216", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16216" - }, - { - "name" : "1023306", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023306" - }, - { - "name" : "1023307", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023307" - }, - { - "name" : "37584", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37584" - }, - { - "name" : "37902", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37902" - }, - { - "name" : "38241", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38241" - }, - { - "name" : "ADV-2009-3456", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3456" - }, - { - "name" : "ADV-2010-0173", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0173" - }, - { - "name" : "flash-air-data-code-execution(54632)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54632" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a \"data injection vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2009:1657", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1657.html" + }, + { + "name": "1023307", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023307" + }, + { + "name": "http://support.apple.com/kb/HT4004", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4004" + }, + { + "name": "1021716", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1" + }, + { + "name": "oval:org.mitre.oval:def:16216", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16216" + }, + { + "name": "APPLE-SA-2010-01-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html" + }, + { + "name": "ADV-2009-3456", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3456" + }, + { + "name": "SUSE-SA:2009:062", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=543857", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857" + }, + { + "name": "flash-air-data-code-execution(54632)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54632" + }, + { + "name": "oval:org.mitre.oval:def:7763", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7763" + }, + { + "name": "37584", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37584" + }, + { + "name": "60886", + "refsource": "OSVDB", + "url": "http://osvdb.org/60886" + }, + { + "name": "37902", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37902" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb09-19.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb09-19.html" + }, + { + "name": "1023306", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023306" + }, + { + "name": "RHSA-2009:1658", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1658.html" + }, + { + "name": "TA09-343A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-343A.html" + }, + { + "name": "38241", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38241" + }, + { + "name": "37199", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37199" + }, + { + "name": "ADV-2010-0173", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0173" + }, + { + "name": "oval:org.mitre.oval:def:7460", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7460" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0621.json b/2015/0xxx/CVE-2015-0621.json index c2bad137694..458a74809c8 100644 --- a/2015/0xxx/CVE-2015-0621.json +++ b/2015/0xxx/CVE-2015-0621.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0621", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco TelePresence MCU devices with software 4.5(1.45) allow remote attackers to cause a denial of service (device reload) via an unspecified series of TCP packets, aka Bug ID CSCur50347." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0621", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=37495", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=37495" - }, - { - "name" : "20150217 Cisco TelePresence Multipoint Control Unit Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0621" - }, - { - "name" : "72635", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72635" - }, - { - "name" : "1031756", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031756" - }, - { - "name" : "cisco-telepresence-cve20150621-dos(100936)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100936" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco TelePresence MCU devices with software 4.5(1.45) allow remote attackers to cause a denial of service (device reload) via an unspecified series of TCP packets, aka Bug ID CSCur50347." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "72635", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72635" + }, + { + "name": "cisco-telepresence-cve20150621-dos(100936)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100936" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37495", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37495" + }, + { + "name": "20150217 Cisco TelePresence Multipoint Control Unit Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0621" + }, + { + "name": "1031756", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031756" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0897.json b/2015/0xxx/CVE-2015-0897.json index 8906fddba59..0a6e59c4c9b 100644 --- a/2015/0xxx/CVE-2015-0897.json +++ b/2015/0xxx/CVE-2015-0897.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0897", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-0897", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0900.json b/2015/0xxx/CVE-2015-0900.json index 83517b5aae5..802702154d4 100644 --- a/2015/0xxx/CVE-2015-0900.json +++ b/2015/0xxx/CVE-2015-0900.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0900", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in schedule.cgi in Nishishi Factory Fumy Teacher's Schedule Board 1.10 through 2.21 allows remote attackers to inject arbitrary web script or HTML via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2015-0900", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://jvn.jp/en/jp/JVN74547976/995592/index.html", - "refsource" : "CONFIRM", - "url" : "http://jvn.jp/en/jp/JVN74547976/995592/index.html" - }, - { - "name" : "http://www.nishishi.com/cgi/ftsb/20150321.html", - "refsource" : "CONFIRM", - "url" : "http://www.nishishi.com/cgi/ftsb/20150321.html" - }, - { - "name" : "JVN#74547976", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN74547976/index.html" - }, - { - "name" : "JVNDB-2015-000043", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000043" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in schedule.cgi in Nishishi Factory Fumy Teacher's Schedule Board 1.10 through 2.21 allows remote attackers to inject arbitrary web script or HTML via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://jvn.jp/en/jp/JVN74547976/995592/index.html", + "refsource": "CONFIRM", + "url": "http://jvn.jp/en/jp/JVN74547976/995592/index.html" + }, + { + "name": "JVNDB-2015-000043", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000043" + }, + { + "name": "http://www.nishishi.com/cgi/ftsb/20150321.html", + "refsource": "CONFIRM", + "url": "http://www.nishishi.com/cgi/ftsb/20150321.html" + }, + { + "name": "JVN#74547976", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN74547976/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1710.json b/2015/1xxx/CVE-2015-1710.json index 039bdbf7c97..d15ed385b91 100644 --- a/2015/1xxx/CVE-2015-1710.json +++ b/2015/1xxx/CVE-2015-1710.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1710", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-1694." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-1710", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-043", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-043" - }, - { - "name" : "74513", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74513" - }, - { - "name" : "1032282", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032282" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-1694." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032282", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032282" + }, + { + "name": "74513", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74513" + }, + { + "name": "MS15-043", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-043" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3779.json b/2015/3xxx/CVE-2015-3779.json index c6de6858603..bbb6f7c880d 100644 --- a/2015/3xxx/CVE-2015-3779.json +++ b/2015/3xxx/CVE-2015-3779.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3779", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, CVE-2015-5753, and CVE-2015-5779." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-3779", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/kb/HT205031", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT205031" - }, - { - "name" : "APPLE-SA-2015-08-13-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" - }, - { - "name" : "76340", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76340" - }, - { - "name" : "1033276", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033276" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, CVE-2015-5753, and CVE-2015-5779." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "76340", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76340" + }, + { + "name": "APPLE-SA-2015-08-13-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" + }, + { + "name": "https://support.apple.com/kb/HT205031", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT205031" + }, + { + "name": "1033276", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033276" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4004.json b/2015/4xxx/CVE-2015-4004.json index 476bfe8d6d8..7241dfc844a 100644 --- a/2015/4xxx/CVE-2015-4004.json +++ b/2015/4xxx/CVE-2015-4004.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4004", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4004", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[linux-kernel] 20150513 [PATCH 0/4] ozwpan: Four remote packet-of-death vulnerabilities", - "refsource" : "MLIST", - "url" : "https://lkml.org/lkml/2015/5/13/739" - }, - { - "name" : "[oss-security] 20150605 Re: CVE Request: Linux Kernel Ozwpan Driver - Remote packet-of-death vulnerabilities", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2015/06/05/7" - }, - { - "name" : "USN-2989-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2989-1" - }, - { - "name" : "USN-2998-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2998-1" - }, - { - "name" : "USN-3000-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3000-1" - }, - { - "name" : "USN-3001-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3001-1" - }, - { - "name" : "USN-3002-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3002-1" - }, - { - "name" : "USN-3003-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3003-1" - }, - { - "name" : "USN-3004-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3004-1" - }, - { - "name" : "74669", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74669" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3004-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3004-1" + }, + { + "name": "74669", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74669" + }, + { + "name": "[linux-kernel] 20150513 [PATCH 0/4] ozwpan: Four remote packet-of-death vulnerabilities", + "refsource": "MLIST", + "url": "https://lkml.org/lkml/2015/5/13/739" + }, + { + "name": "USN-3001-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3001-1" + }, + { + "name": "USN-3000-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3000-1" + }, + { + "name": "USN-3002-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3002-1" + }, + { + "name": "USN-2989-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2989-1" + }, + { + "name": "[oss-security] 20150605 Re: CVE Request: Linux Kernel Ozwpan Driver - Remote packet-of-death vulnerabilities", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2015/06/05/7" + }, + { + "name": "USN-3003-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3003-1" + }, + { + "name": "USN-2998-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2998-1" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4218.json b/2015/4xxx/CVE-2015-4218.json index 0843c181445..80ad8556a2a 100644 --- a/2015/4xxx/CVE-2015-4218.json +++ b/2015/4xxx/CVE-2015-4218.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4218", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web-based user interface in Cisco Jabber through 9.6(3) and 9.7 through 9.7(5) on Windows allows remote attackers to obtain sensitive information via a crafted value in a GET request, aka Bug IDs CSCuu65622 and CSCuu70858." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-4218", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150623 Cisco Jabber for Windows Web-Based User Interface Information Disclosure Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=39494" - }, - { - "name" : "75377", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75377" - }, - { - "name" : "1032711", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032711" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web-based user interface in Cisco Jabber through 9.6(3) and 9.7 through 9.7(5) on Windows allows remote attackers to obtain sensitive information via a crafted value in a GET request, aka Bug IDs CSCuu65622 and CSCuu70858." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150623 Cisco Jabber for Windows Web-Based User Interface Information Disclosure Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39494" + }, + { + "name": "1032711", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032711" + }, + { + "name": "75377", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75377" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4363.json b/2015/4xxx/CVE-2015-4363.json index a904195a252..24b803dc28e 100644 --- a/2015/4xxx/CVE-2015-4363.json +++ b/2015/4xxx/CVE-2015-4363.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4363", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in the finder_form_goto function in the Finder module for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4363", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/04/25/6" - }, - { - "name" : "https://www.drupal.org/node/2445967", - "refsource" : "MISC", - "url" : "https://www.drupal.org/node/2445967" - }, - { - "name" : "72959", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72959" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in the finder_form_goto function in the Finder module for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "72959", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72959" + }, + { + "name": "[oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/04/25/6" + }, + { + "name": "https://www.drupal.org/node/2445967", + "refsource": "MISC", + "url": "https://www.drupal.org/node/2445967" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8041.json b/2015/8xxx/CVE-2015-8041.json index 6f579b36013..9da142e0479 100644 --- a/2015/8xxx/CVE-2015-8041.json +++ b/2015/8xxx/CVE-2015-8041.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8041", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5 allow remote attackers to cause a denial of service (process crash or infinite loop) via a large payload length field value in an (1) WPS or (2) P2P NFC NDEF record, which triggers an out-of-bounds read." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8041", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150708 hostapd/wpa_supplicant - Incomplete WPS and P2P NFC NDEF record payload length validation", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/11/02/5" - }, - { - "name" : "http://w1.fi/security/2015-5/incomplete-wps-and-p2p-nfc-ndef-record-payload-length-validation.txt", - "refsource" : "CONFIRM", - "url" : "http://w1.fi/security/2015-5/incomplete-wps-and-p2p-nfc-ndef-record-payload-length-validation.txt" - }, - { - "name" : "https://w1.fi/cgit/hostap/plain/hostapd/ChangeLog", - "refsource" : "CONFIRM", - "url" : "https://w1.fi/cgit/hostap/plain/hostapd/ChangeLog" - }, - { - "name" : "https://w1.fi/cgit/hostap/plain/wpa_supplicant/ChangeLog", - "refsource" : "CONFIRM", - "url" : "https://w1.fi/cgit/hostap/plain/wpa_supplicant/ChangeLog" - }, - { - "name" : "DSA-3397", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3397" - }, - { - "name" : "openSUSE-SU-2015:1912", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-11/msg00037.html" - }, - { - "name" : "openSUSE-SU-2015:1920", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-11/msg00041.html" - }, - { - "name" : "75604", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75604" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5 allow remote attackers to cause a denial of service (process crash or infinite loop) via a large payload length field value in an (1) WPS or (2) P2P NFC NDEF record, which triggers an out-of-bounds read." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://w1.fi/cgit/hostap/plain/hostapd/ChangeLog", + "refsource": "CONFIRM", + "url": "https://w1.fi/cgit/hostap/plain/hostapd/ChangeLog" + }, + { + "name": "openSUSE-SU-2015:1912", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00037.html" + }, + { + "name": "https://w1.fi/cgit/hostap/plain/wpa_supplicant/ChangeLog", + "refsource": "CONFIRM", + "url": "https://w1.fi/cgit/hostap/plain/wpa_supplicant/ChangeLog" + }, + { + "name": "75604", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75604" + }, + { + "name": "openSUSE-SU-2015:1920", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00041.html" + }, + { + "name": "[oss-security] 20150708 hostapd/wpa_supplicant - Incomplete WPS and P2P NFC NDEF record payload length validation", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/11/02/5" + }, + { + "name": "DSA-3397", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3397" + }, + { + "name": "http://w1.fi/security/2015-5/incomplete-wps-and-p2p-nfc-ndef-record-payload-length-validation.txt", + "refsource": "CONFIRM", + "url": "http://w1.fi/security/2015-5/incomplete-wps-and-p2p-nfc-ndef-record-payload-length-validation.txt" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8205.json b/2015/8xxx/CVE-2015-8205.json index 51bd39b4472..aef9905842a 100644 --- a/2015/8xxx/CVE-2015-8205.json +++ b/2015/8xxx/CVE-2015-8205.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8205", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-8205", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8208.json b/2015/8xxx/CVE-2015-8208.json index e8bdcab56d4..01b378de16b 100644 --- a/2015/8xxx/CVE-2015-8208.json +++ b/2015/8xxx/CVE-2015-8208.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8208", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-8208", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8456.json b/2015/8xxx/CVE-2015-8456.json index 070a7b58f9f..d2e46ee9efc 100644 --- a/2015/8xxx/CVE-2015-8456.json +++ b/2015/8xxx/CVE-2015-8456.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8456", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code by leveraging an unspecified \"type confusion,\" a different vulnerability than CVE-2015-8439." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-8456", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" - }, - { - "name" : "78802", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/78802" - }, - { - "name" : "1034318", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034318" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code by leveraging an unspecified \"type confusion,\" a different vulnerability than CVE-2015-8439." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" + }, + { + "name": "78802", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/78802" + }, + { + "name": "1034318", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034318" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8848.json b/2015/8xxx/CVE-2015-8848.json index 47bd206d9f5..f00262b56b8 100644 --- a/2015/8xxx/CVE-2015-8848.json +++ b/2015/8xxx/CVE-2015-8848.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8848", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8848", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8877.json b/2015/8xxx/CVE-2015-8877.json index 5efd9e20c2b..e2d247750e0 100644 --- a/2015/8xxx/CVE-2015-8877.json +++ b/2015/8xxx/CVE-2015-8877.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8877", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service (memory consumption) via a crafted call, as demonstrated by a call to the PHP imagescale function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8877", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.php.net/ChangeLog-5.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-5.php" - }, - { - "name" : "https://bugs.php.net/bug.php?id=70064", - "refsource" : "CONFIRM", - "url" : "https://bugs.php.net/bug.php?id=70064" - }, - { - "name" : "https://github.com/libgd/libgd/commit/4751b606fa38edc456d627140898a7ec679fcc24", - "refsource" : "CONFIRM", - "url" : "https://github.com/libgd/libgd/commit/4751b606fa38edc456d627140898a7ec679fcc24" - }, - { - "name" : "https://github.com/libgd/libgd/issues/173", - "refsource" : "CONFIRM", - "url" : "https://github.com/libgd/libgd/issues/173" - }, - { - "name" : "DSA-3587", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3587" - }, - { - "name" : "RHSA-2016:2750", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2750.html" - }, - { - "name" : "USN-2987-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2987-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service (memory consumption) via a crafted call, as demonstrated by a call to the PHP imagescale function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/libgd/libgd/issues/173", + "refsource": "CONFIRM", + "url": "https://github.com/libgd/libgd/issues/173" + }, + { + "name": "RHSA-2016:2750", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html" + }, + { + "name": "https://github.com/libgd/libgd/commit/4751b606fa38edc456d627140898a7ec679fcc24", + "refsource": "CONFIRM", + "url": "https://github.com/libgd/libgd/commit/4751b606fa38edc456d627140898a7ec679fcc24" + }, + { + "name": "http://www.php.net/ChangeLog-5.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-5.php" + }, + { + "name": "https://bugs.php.net/bug.php?id=70064", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=70064" + }, + { + "name": "USN-2987-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2987-1" + }, + { + "name": "DSA-3587", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3587" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5017.json b/2016/5xxx/CVE-2016-5017.json index ae4664acabb..cee0e4070af 100644 --- a/2016/5xxx/CVE-2016-5017.json +++ b/2016/5xxx/CVE-2016-5017.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5017", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the C cli shell in Apache Zookeeper before 3.4.9 and 3.5.x before 3.5.3, when using the \"cmd:\" batch mode syntax, allows attackers to have unspecified impact via a long command string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-5017", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160916 [SECURITY] CVE-2016-5017: Buffer overflow vulnerability in ZooKeeper C cli shell", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/09/17/3" - }, - { - "name" : "http://packetstormsecurity.com/files/138755/ZooKeeper-3.4.8-3.5.2-Buffer-Overflow.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/138755/ZooKeeper-3.4.8-3.5.2-Buffer-Overflow.html" - }, - { - "name" : "https://git-wip-us.apache.org/repos/asf?p=zookeeper.git;a=commitdiff;h=27ecf981a15554dc8e64a28630af7a5c9e2bdf4f", - "refsource" : "CONFIRM", - "url" : "https://git-wip-us.apache.org/repos/asf?p=zookeeper.git;a=commitdiff;h=27ecf981a15554dc8e64a28630af7a5c9e2bdf4f" - }, - { - "name" : "https://git-wip-us.apache.org/repos/asf?p=zookeeper.git;a=commitdiff;h=f09154d6648eeb4ec5e1ac8a2bacbd2f8c87c14a", - "refsource" : "CONFIRM", - "url" : "https://git-wip-us.apache.org/repos/asf?p=zookeeper.git;a=commitdiff;h=f09154d6648eeb4ec5e1ac8a2bacbd2f8c87c14a" - }, - { - "name" : "https://zookeeper.apache.org/security.html#CVE-2016-5017", - "refsource" : "CONFIRM", - "url" : "https://zookeeper.apache.org/security.html#CVE-2016-5017" - }, - { - "name" : "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html", - "refsource" : "CONFIRM", - "url" : "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html" - }, - { - "name" : "93044", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93044" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the C cli shell in Apache Zookeeper before 3.4.9 and 3.5.x before 3.5.3, when using the \"cmd:\" batch mode syntax, allows attackers to have unspecified impact via a long command string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html", + "refsource": "CONFIRM", + "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html" + }, + { + "name": "https://git-wip-us.apache.org/repos/asf?p=zookeeper.git;a=commitdiff;h=27ecf981a15554dc8e64a28630af7a5c9e2bdf4f", + "refsource": "CONFIRM", + "url": "https://git-wip-us.apache.org/repos/asf?p=zookeeper.git;a=commitdiff;h=27ecf981a15554dc8e64a28630af7a5c9e2bdf4f" + }, + { + "name": "[oss-security] 20160916 [SECURITY] CVE-2016-5017: Buffer overflow vulnerability in ZooKeeper C cli shell", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/09/17/3" + }, + { + "name": "93044", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93044" + }, + { + "name": "https://zookeeper.apache.org/security.html#CVE-2016-5017", + "refsource": "CONFIRM", + "url": "https://zookeeper.apache.org/security.html#CVE-2016-5017" + }, + { + "name": "http://packetstormsecurity.com/files/138755/ZooKeeper-3.4.8-3.5.2-Buffer-Overflow.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/138755/ZooKeeper-3.4.8-3.5.2-Buffer-Overflow.html" + }, + { + "name": "https://git-wip-us.apache.org/repos/asf?p=zookeeper.git;a=commitdiff;h=f09154d6648eeb4ec5e1ac8a2bacbd2f8c87c14a", + "refsource": "CONFIRM", + "url": "https://git-wip-us.apache.org/repos/asf?p=zookeeper.git;a=commitdiff;h=f09154d6648eeb4ec5e1ac8a2bacbd2f8c87c14a" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5085.json b/2016/5xxx/CVE-2016-5085.json index d3f9043243c..6e1e36c2156 100644 --- a/2016/5xxx/CVE-2016-5085.json +++ b/2016/5xxx/CVE-2016-5085.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5085", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Johnson & Johnson Animas OneTouch Ping devices do not properly generate random numbers, which makes it easier for remote attackers to spoof meters by sniffing the network and then engaging in an authentication handshake." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-5085", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kb.cert.org/vuls/id/BLUU-A9SQRS", - "refsource" : "MISC", - "url" : "http://www.kb.cert.org/vuls/id/BLUU-A9SQRS" - }, - { - "name" : "https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump", - "refsource" : "MISC", - "url" : "https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump" - }, - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-16-279-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-16-279-01" - }, - { - "name" : "VU#884840", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/884840" - }, - { - "name" : "93351", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93351" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Johnson & Johnson Animas OneTouch Ping devices do not properly generate random numbers, which makes it easier for remote attackers to spoof meters by sniffing the network and then engaging in an authentication handshake." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump", + "refsource": "MISC", + "url": "https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump" + }, + { + "name": "http://www.kb.cert.org/vuls/id/BLUU-A9SQRS", + "refsource": "MISC", + "url": "http://www.kb.cert.org/vuls/id/BLUU-A9SQRS" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-16-279-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-16-279-01" + }, + { + "name": "VU#884840", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/884840" + }, + { + "name": "93351", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93351" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5124.json b/2016/5xxx/CVE-2016-5124.json index d09025b0815..78d56bdb84d 100644 --- a/2016/5xxx/CVE-2016-5124.json +++ b/2016/5xxx/CVE-2016-5124.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5124", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev14. Adding images from external sources to HTML editors by drag&drop can potentially lead to script code execution in the context of the active user. To exploit this, a user needs to be tricked to use an image from a specially crafted website and add it to HTML editor areas of OX App Suite, for example E-Mail Compose or OX Text. This specific attack circumvents typical XSS filters and detection mechanisms since the code is not loaded from an external service but injected locally. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). To exploit this vulnerability, a attacker needs to convince a user to follow specific steps (social-engineering)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-5124", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160713 Open-Xchange Security Advisory 2016-07-13", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/538892/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/137894/Open-Xchange-App-Suite-7.8.1-Cross-Site-Scripting.html", - "refsource" : "CONFIRM", - "url" : "http://packetstormsecurity.com/files/137894/Open-Xchange-App-Suite-7.8.1-Cross-Site-Scripting.html" - }, - { - "name" : "91775", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91775" - }, - { - "name" : "1036296", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036296" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev14. Adding images from external sources to HTML editors by drag&drop can potentially lead to script code execution in the context of the active user. To exploit this, a user needs to be tricked to use an image from a specially crafted website and add it to HTML editor areas of OX App Suite, for example E-Mail Compose or OX Text. This specific attack circumvents typical XSS filters and detection mechanisms since the code is not loaded from an external service but injected locally. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). To exploit this vulnerability, a attacker needs to convince a user to follow specific steps (social-engineering)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/137894/Open-Xchange-App-Suite-7.8.1-Cross-Site-Scripting.html", + "refsource": "CONFIRM", + "url": "http://packetstormsecurity.com/files/137894/Open-Xchange-App-Suite-7.8.1-Cross-Site-Scripting.html" + }, + { + "name": "20160713 Open-Xchange Security Advisory 2016-07-13", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/538892/100/0/threaded" + }, + { + "name": "1036296", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036296" + }, + { + "name": "91775", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91775" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5641.json b/2016/5xxx/CVE-2016-5641.json index 5899dfe7055..ad056b816b5 100644 --- a/2016/5xxx/CVE-2016-5641.json +++ b/2016/5xxx/CVE-2016-5641.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5641", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-5641", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2257.json b/2018/2xxx/CVE-2018-2257.json index 96fbf25d531..e154147f7be 100644 --- a/2018/2xxx/CVE-2018-2257.json +++ b/2018/2xxx/CVE-2018-2257.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2257", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2257", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2374.json b/2018/2xxx/CVE-2018-2374.json index 8edfdabba20..ae1e47bd8b2 100644 --- a/2018/2xxx/CVE-2018-2374.json +++ b/2018/2xxx/CVE-2018-2374.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cna@sap.com", - "ID" : "CVE-2018-2374", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SAP HANA Extended Application Services", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "1.0" - } - ] - } - } - ] - }, - "vendor_name" : "SAP SE" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve sensitive application data like service bindings within that space." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "cna@sap.com", + "ID": "CVE-2018-2374", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SAP HANA Extended Application Services", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + }, + "vendor_name": "SAP SE" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/", - "refsource" : "CONFIRM", - "url" : "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/" - }, - { - "name" : "https://launchpad.support.sap.com/#/notes/2589129", - "refsource" : "CONFIRM", - "url" : "https://launchpad.support.sap.com/#/notes/2589129" - }, - { - "name" : "103018", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103018" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve sensitive application data like service bindings within that space." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103018", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103018" + }, + { + "name": "https://launchpad.support.sap.com/#/notes/2589129", + "refsource": "CONFIRM", + "url": "https://launchpad.support.sap.com/#/notes/2589129" + }, + { + "name": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/", + "refsource": "CONFIRM", + "url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2595.json b/2018/2xxx/CVE-2018-2595.json index daa9b1da01e..8e09d3b47b4 100644 --- a/2018/2xxx/CVE-2018-2595.json +++ b/2018/2xxx/CVE-2018-2595.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2595", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Hyperion BI+", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "11.1.2.4" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Hyperion BI+ component of Oracle Hyperion (subcomponent: Foundation UI & Servlets). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion BI+. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hyperion BI+ accessible data as well as unauthorized read access to a subset of Hyperion BI+ accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Hyperion BI+. CVSS 3.0 Base Score 4.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion BI+. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hyperion BI+ accessible data as well as unauthorized read access to a subset of Hyperion BI+ accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Hyperion BI+." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2595", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hyperion BI+", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.1.2.4" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name" : "102643", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102643" - }, - { - "name" : "1040206", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040206" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Hyperion BI+ component of Oracle Hyperion (subcomponent: Foundation UI & Servlets). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion BI+. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hyperion BI+ accessible data as well as unauthorized read access to a subset of Hyperion BI+ accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Hyperion BI+. CVSS 3.0 Base Score 4.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion BI+. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hyperion BI+ accessible data as well as unauthorized read access to a subset of Hyperion BI+ accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Hyperion BI+." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102643", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102643" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + }, + { + "name": "1040206", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040206" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2841.json b/2018/2xxx/CVE-2018-2841.json index d4e7eebe608..07400b6c345 100644 --- a/2018/2xxx/CVE-2018-2841.json +++ b/2018/2xxx/CVE-2018-2841.json @@ -1,81 +1,81 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2841", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Oracle Database", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "11.2.0.4" - }, - { - "version_affected" : "=", - "version_value" : "12.1.0.2" - }, - { - "version_affected" : "=", - "version_value" : "12.2.0.1" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise Java VM. While the vulnerability is in Java VM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java VM. CVSS 3.0 Base Score 8.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise Java VM. While the vulnerability is in Java VM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java VM." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2841", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle Database", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.2.0.4" + }, + { + "version_affected": "=", + "version_value": "12.1.0.2" + }, + { + "version_affected": "=", + "version_value": "12.2.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" - }, - { - "name" : "103839", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103839" - }, - { - "name" : "1040691", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040691" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise Java VM. While the vulnerability is in Java VM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java VM. CVSS 3.0 Base Score 8.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise Java VM. While the vulnerability is in Java VM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java VM." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103839", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103839" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" + }, + { + "name": "1040691", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040691" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2977.json b/2018/2xxx/CVE-2018-2977.json index ee81031266d..e383f450c1b 100644 --- a/2018/2xxx/CVE-2018-2977.json +++ b/2018/2xxx/CVE-2018-2977.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2977", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PeopleSoft Enterprise PT PeopleTools", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.55" - }, - { - "version_affected" : "=", - "version_value" : "8.56" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2977", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise PT PeopleTools", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.55" + }, + { + "version_affected": "=", + "version_value": "8.56" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "104824", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104824" - }, - { - "name" : "1041306", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041306" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "104824", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104824" + }, + { + "name": "1041306", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041306" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6379.json b/2018/6xxx/CVE-2018-6379.json index ce03420d18e..e5fd255a146 100644 --- a/2018/6xxx/CVE-2018-6379.json +++ b/2018/6xxx/CVE-2018-6379.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6379", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Joomla! before 3.8.4, inadequate input filtering in the Uri class (formerly JUri) leads to an XSS vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6379", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://developer.joomla.org/security-centre/721-20180104-core-xss-vulnerability.html", - "refsource" : "CONFIRM", - "url" : "https://developer.joomla.org/security-centre/721-20180104-core-xss-vulnerability.html" - }, - { - "name" : "102918", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102918" - }, - { - "name" : "1040316", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040316" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Joomla! before 3.8.4, inadequate input filtering in the Uri class (formerly JUri) leads to an XSS vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040316", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040316" + }, + { + "name": "https://developer.joomla.org/security-centre/721-20180104-core-xss-vulnerability.html", + "refsource": "CONFIRM", + "url": "https://developer.joomla.org/security-centre/721-20180104-core-xss-vulnerability.html" + }, + { + "name": "102918", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102918" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6902.json b/2018/6xxx/CVE-2018-6902.json index b7f98b20cee..252ec78d3ec 100644 --- a/2018/6xxx/CVE-2018-6902.json +++ b/2018/6xxx/CVE-2018-6902.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6902", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP Scripts Mall Image Sharing Script 1.3.3 has XSS via the Full Name field in an Edit Profile action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6902", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://0day4u.wordpress.com/2018/03/12/image-sharing-script-stored-xss/", - "refsource" : "MISC", - "url" : "https://0day4u.wordpress.com/2018/03/12/image-sharing-script-stored-xss/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP Scripts Mall Image Sharing Script 1.3.3 has XSS via the Full Name field in an Edit Profile action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://0day4u.wordpress.com/2018/03/12/image-sharing-script-stored-xss/", + "refsource": "MISC", + "url": "https://0day4u.wordpress.com/2018/03/12/image-sharing-script-stored-xss/" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7436.json b/2018/7xxx/CVE-2018-7436.json index 43c68e88bf6..5d1e959819b 100644 --- a/2018/7xxx/CVE-2018-7436.json +++ b/2018/7xxx/CVE-2018-7436.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7436", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in a pointer dereference of the parse_SST function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7436", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180301 [SECURITY] [DLA 1297-1] freexl security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/03/msg00000.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1547883", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1547883" - }, - { - "name" : "https://groups.google.com/forum/#!topic/spatialite-users/b-d9iB5TDPE", - "refsource" : "MISC", - "url" : "https://groups.google.com/forum/#!topic/spatialite-users/b-d9iB5TDPE" - }, - { - "name" : "DSA-4129", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4129" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in a pointer dereference of the parse_SST function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20180301 [SECURITY] [DLA 1297-1] freexl security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00000.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1547883", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1547883" + }, + { + "name": "https://groups.google.com/forum/#!topic/spatialite-users/b-d9iB5TDPE", + "refsource": "MISC", + "url": "https://groups.google.com/forum/#!topic/spatialite-users/b-d9iB5TDPE" + }, + { + "name": "DSA-4129", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4129" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7867.json b/2018/7xxx/CVE-2018-7867.json index c98e711775b..562ce588530 100644 --- a/2018/7xxx/CVE-2018-7867.json +++ b/2018/7xxx/CVE-2018-7867.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7867", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 during a RegisterNumber sprintf. A Crafted input will lead to a denial of service attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7867", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180409 [SECURITY] [DLA 1343-1] ming security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/04/msg00008.html" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892260", - "refsource" : "MISC", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892260" - }, - { - "name" : "https://github.com/libming/libming/issues/116", - "refsource" : "MISC", - "url" : "https://github.com/libming/libming/issues/116" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 during a RegisterNumber sprintf. A Crafted input will lead to a denial of service attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892260", + "refsource": "MISC", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892260" + }, + { + "name": "[debian-lts-announce] 20180409 [SECURITY] [DLA 1343-1] ming security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00008.html" + }, + { + "name": "https://github.com/libming/libming/issues/116", + "refsource": "MISC", + "url": "https://github.com/libming/libming/issues/116" + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1070.json b/2019/1xxx/CVE-2019-1070.json index 3eb9e5933e1..ba72e0a4774 100644 --- a/2019/1xxx/CVE-2019-1070.json +++ b/2019/1xxx/CVE-2019-1070.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1070", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1070", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1215.json b/2019/1xxx/CVE-2019-1215.json index c1138ddd3de..4adce175d1f 100644 --- a/2019/1xxx/CVE-2019-1215.json +++ b/2019/1xxx/CVE-2019-1215.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1215", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1215", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1216.json b/2019/1xxx/CVE-2019-1216.json index cfe63d1f131..f69f3e646ca 100644 --- a/2019/1xxx/CVE-2019-1216.json +++ b/2019/1xxx/CVE-2019-1216.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1216", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1216", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1306.json b/2019/1xxx/CVE-2019-1306.json index e4eb0dde33a..42da1012c36 100644 --- a/2019/1xxx/CVE-2019-1306.json +++ b/2019/1xxx/CVE-2019-1306.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1306", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1306", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1766.json b/2019/1xxx/CVE-2019-1766.json index 7eca0c3578e..0691632e565 100644 --- a/2019/1xxx/CVE-2019-1766.json +++ b/2019/1xxx/CVE-2019-1766.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1766", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1766", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5465.json b/2019/5xxx/CVE-2019-5465.json index e5894d42b62..6f94aab82f4 100644 --- a/2019/5xxx/CVE-2019-5465.json +++ b/2019/5xxx/CVE-2019-5465.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5465", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5465", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5584.json b/2019/5xxx/CVE-2019-5584.json index c336e58db10..68dc00d064b 100644 --- a/2019/5xxx/CVE-2019-5584.json +++ b/2019/5xxx/CVE-2019-5584.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5584", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5584", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5830.json b/2019/5xxx/CVE-2019-5830.json index 0be91162e85..1cfec5c3adc 100644 --- a/2019/5xxx/CVE-2019-5830.json +++ b/2019/5xxx/CVE-2019-5830.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5830", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5830", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file